From 6d930c3fa41d2107ff283599b08d879e145be426 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:43:34 +0100 Subject: [PATCH 1/8] feat[client]: manage zellij using nix --- SwarselSystems.org | 1310 ++++++++++++++++- .../{default.kdl.nix => swarsel.kdl.nix} | 0 modules/home/common/kitty.nix | 18 +- modules/home/common/zellij-keybinds.nix | 1233 ++++++++++++++++ modules/home/common/zellij.nix | 53 +- 5 files changed, 2604 insertions(+), 10 deletions(-) rename files/zellij/layouts/{default.kdl.nix => swarsel.kdl.nix} (100%) create mode 100644 modules/home/common/zellij-keybinds.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index a572bdd..6be1f72 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -13304,11 +13304,23 @@ The theme is handled by stylix. config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; - keybindings = { }; + keybindings = let + bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key)); + in bindWithModifier { + "page_up" = "scroll_page_up"; + "up" = "scroll_page_up"; + "page_down" = "scroll_page_down"; + "down" = "scroll_page_down"; + "w" = "no_op"; + }; settings = { - scrollback_lines = 10000; + cursor_blink_interval = 0; + disable_ligatures = "cursor"; enable_audio_bell = false; notify_on_cmd_finish = "always 20"; + open_url_with = "xdg-open"; + scrollback_lines = 100000; + scrollback_pager_history_size = 512; }; }; }; @@ -13489,6 +13501,7 @@ Currently I only use it as before with =initExtra= though. #+end_src **** zellij +***** Main config :PROPERTIES: :CUSTOM_ID: h:00de4901-631c-4b4c-86ce-d9d6e62ed8c7 :END: @@ -13500,6 +13513,55 @@ Currently I only use it as before with =initExtra= though. programs.zellij = { enable = true; enableZshIntegration = true; + settings = { + pane_frames = false; + simplified_ui = false; + default_shell = "zsh"; + copy_on_select = true; + on_force_close = "detach"; + show_startup_tips = false; + support_kitty_keyboard_protocol = true; + default_layout = "swarsel"; + layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts"; + theme_dir = "${config.home.homeDirectory}/.config/zellij/themes"; + scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines; + session_serialization = true; + + copy_command = + if pkgs.stdenv.hostPlatform.isLinux then + "wl-copy" + else if pkgs.stdenv.hostPlatform.isDarwin then + "pbcopy" + else + ""; + ui.pane_frames = { + rounded_corners = true; + hide_session_name = true; + }; + plugins = { + tab-bar.path = "tab-bar"; + status-bar.path = "status-bar"; + strider.path = "strider"; + compact-bar.path = "compact-bar"; + }; + # configuration = { + # _props.location = "zellij:configuration"; + # }; + # filepicker = { + # _props.location = "zellij:strider"; + # cwd = "/"; + # }; + # plugin-manager = { + # _props.location = "zellij:plugin-manager"; + # }; + # session-manager = { + # _props.location = "zellij:session-manager"; + # }; + # welcome-screen = { + # _props.location = "zellij:session-manager"; + # welcome_screen = true; + # }; + }; }; home.packages = with pkgs; [ @@ -13507,8 +13569,1244 @@ Currently I only use it as before with =initExtra= though. ]; xdg.configFile = { - "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; }; + }; + }; + + } +#+end_src +***** Keybinds +#+begin_src nix-ts :tangle modules/home/common/zellij-keybinds.nix + { lib, config, ... }: + { + config = lib.mkIf config.swarselmodules.zellij { + programs.zellij = { + settings.keybinds = { + _props.clear-defaults = true; + + locked = { + _children = [ + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + pane = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { SwitchToMode._args = [ "renamepane" ]; } + { PaneNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "e" ]; + _children = [ + { TogglePaneEmbedOrFloating = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "f" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ SwitchFocus = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { ToggleFloatingPanes = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { TogglePaneFrames = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + tab = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "1" ]; + _children = [ + { GoToTab._args = [ 1 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "2" ]; + _children = [ + { GoToTab._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "3" ]; + _children = [ + { GoToTab._args = [ 3 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "4" ]; + _children = [ + { GoToTab._args = [ 4 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "5" ]; + _children = [ + { GoToTab._args = [ 5 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "6" ]; + _children = [ + { GoToTab._args = [ 6 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "7" ]; + _children = [ + { GoToTab._args = [ 7 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "8" ]; + _children = [ + { GoToTab._args = [ 8 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "9" ]; + _children = [ + { GoToTab._args = [ 9 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [ + { BreakPaneLeft = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "]" ]; + _children = [ + { BreakPaneRight = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "b" ]; + _children = [ + { BreakPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { SwitchToMode._args = [ "renametab" ]; } + { TabNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { ToggleActiveSyncTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ ToggleTab = { }; }]; + }; + } + ]; + }; + + resize = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "+" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "-" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "=" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "H" ]; + _children = [{ Resize._args = [ "Decrease left" ]; }]; + }; + } + { + bind = { + _args = [ "J" ]; + _children = [{ Resize._args = [ "Decrease down" ]; }]; + }; + } + { + bind = { + _args = [ "K" ]; + _children = [{ Resize._args = [ "Decrease up" ]; }]; + }; + } + { + bind = { + _args = [ "L" ]; + _children = [{ Resize._args = [ "Decrease right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + move = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ MovePane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ MovePaneBackwards = { }; }]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ MovePane = { }; }]; + }; + } + ]; + }; + + scroll = { + _children = [ + { + bind = { + _args = [ "e" ]; + _children = [ + { EditScrollback = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { SwitchToMode._args = [ "entersearch" ]; } + { SearchInput._args = [ 0 ]; } + ]; + }; + } + ]; + }; + + search = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ Search._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ Search._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [{ SearchToggleOption._args = [ "Wrap" ]; }]; + }; + } + ]; + }; + + session = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "configuration" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "plugin-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "session-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_except \"locked\"" = { + _children = [ + { + bind = { + _args = [ "Alt left" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt right" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt +" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt -" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "Alt =" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt [" ]; + _children = [{ PreviousSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt ]" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt f" ]; + _children = [{ ToggleFloatingPanes = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "locked" ]; }]; + }; + } + { + bind = { + _args = [ "Alt h" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt i" ]; + _children = [{ MoveTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt l" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt n" ]; + _children = [{ NewPane = { }; }]; + }; + } + { + bind = { + _args = [ "Alt o" ]; + _children = [{ MoveTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl q" ]; + _children = [{ Quit = { }; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"move\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "move" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"session\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "session" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ SwitchToMode._args = [ "tmux" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"tab\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "tab" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"pane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "pane" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"resize\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "resize" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\"" = { + _children = [ + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_among \"pane\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseFocus = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "PageDown" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "PageUp" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "left" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl c" ]; + _children = [ + { ScrollToBottom = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [{ HalfPageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl f" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "u" ]; + _children = [{ HalfPageScrollUp = { }; }]; + }; + } + ]; + }; + + entersearch = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "search" ]; }]; + }; + } + ]; + }; + + renametab = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenameTab = { }; } + { SwitchToMode._args = [ "tab" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + renamepane = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenamePane = { }; } + { SwitchToMode._args = [ "pane" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"session\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "d" ]; + _children = [{ Detach = { }; }]; + }; + } + ]; + }; + + tmux = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "space" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "\"" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "%" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "," ]; + _children = [{ SwitchToMode._args = [ "renametab" ]; }]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [ + { Write._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { GoToNextTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ FocusNextPane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { GoToPreviousTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + }; }; }; @@ -24488,12 +25786,12 @@ index 3a0f90e..bb10f8b 100644 #include "nix-plugins-config.h" #+end_src -** Zellij layout default.kdl.nix +** Zellij layout swarsel.kdl.nix :PROPERTIES: :CUSTOM_ID: h:bed316c9-47ed-494f-8375-998ef1315d7b :END: -#+begin_src shell :tangle files/zellij/layouts/default.kdl.nix +#+begin_src shell :tangle files/zellij/layouts/swarsel.kdl.nix { config, pkgs }: let inherit (config.lib.stylix) colors; diff --git a/files/zellij/layouts/default.kdl.nix b/files/zellij/layouts/swarsel.kdl.nix similarity index 100% rename from files/zellij/layouts/default.kdl.nix rename to files/zellij/layouts/swarsel.kdl.nix diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index 2b57e93..2778a54 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix @@ -4,11 +4,25 @@ config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; - keybindings = { }; + keybindings = + let + bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key)); + in + bindWithModifier { + "page_up" = "scroll_page_up"; + "up" = "scroll_page_up"; + "page_down" = "scroll_page_down"; + "down" = "scroll_page_down"; + "w" = "no_op"; + }; settings = { - scrollback_lines = 10000; + cursor_blink_interval = 0; + disable_ligatures = "cursor"; enable_audio_bell = false; notify_on_cmd_finish = "always 20"; + open_url_with = "xdg-open"; + scrollback_lines = 100000; + scrollback_pager_history_size = 512; }; }; }; diff --git a/modules/home/common/zellij-keybinds.nix b/modules/home/common/zellij-keybinds.nix new file mode 100644 index 0000000..8ff17b9 --- /dev/null +++ b/modules/home/common/zellij-keybinds.nix @@ -0,0 +1,1233 @@ +{ lib, config, ... }: +{ + config = lib.mkIf config.swarselmodules.zellij { + programs.zellij = { + settings.keybinds = { + _props.clear-defaults = true; + + locked = { + _children = [ + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + pane = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { SwitchToMode._args = [ "renamepane" ]; } + { PaneNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "e" ]; + _children = [ + { TogglePaneEmbedOrFloating = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "f" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ SwitchFocus = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { ToggleFloatingPanes = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { TogglePaneFrames = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + tab = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "1" ]; + _children = [ + { GoToTab._args = [ 1 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "2" ]; + _children = [ + { GoToTab._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "3" ]; + _children = [ + { GoToTab._args = [ 3 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "4" ]; + _children = [ + { GoToTab._args = [ 4 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "5" ]; + _children = [ + { GoToTab._args = [ 5 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "6" ]; + _children = [ + { GoToTab._args = [ 6 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "7" ]; + _children = [ + { GoToTab._args = [ 7 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "8" ]; + _children = [ + { GoToTab._args = [ 8 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "9" ]; + _children = [ + { GoToTab._args = [ 9 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [ + { BreakPaneLeft = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "]" ]; + _children = [ + { BreakPaneRight = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "b" ]; + _children = [ + { BreakPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { SwitchToMode._args = [ "renametab" ]; } + { TabNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { ToggleActiveSyncTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ ToggleTab = { }; }]; + }; + } + ]; + }; + + resize = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "+" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "-" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "=" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "H" ]; + _children = [{ Resize._args = [ "Decrease left" ]; }]; + }; + } + { + bind = { + _args = [ "J" ]; + _children = [{ Resize._args = [ "Decrease down" ]; }]; + }; + } + { + bind = { + _args = [ "K" ]; + _children = [{ Resize._args = [ "Decrease up" ]; }]; + }; + } + { + bind = { + _args = [ "L" ]; + _children = [{ Resize._args = [ "Decrease right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + move = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ MovePane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ MovePaneBackwards = { }; }]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ MovePane = { }; }]; + }; + } + ]; + }; + + scroll = { + _children = [ + { + bind = { + _args = [ "e" ]; + _children = [ + { EditScrollback = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { SwitchToMode._args = [ "entersearch" ]; } + { SearchInput._args = [ 0 ]; } + ]; + }; + } + ]; + }; + + search = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ Search._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ Search._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [{ SearchToggleOption._args = [ "Wrap" ]; }]; + }; + } + ]; + }; + + session = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "configuration" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "plugin-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "session-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_except \"locked\"" = { + _children = [ + { + bind = { + _args = [ "Alt left" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt right" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt +" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt -" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "Alt =" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt [" ]; + _children = [{ PreviousSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt ]" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt f" ]; + _children = [{ ToggleFloatingPanes = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "locked" ]; }]; + }; + } + { + bind = { + _args = [ "Alt h" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt i" ]; + _children = [{ MoveTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt l" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt n" ]; + _children = [{ NewPane = { }; }]; + }; + } + { + bind = { + _args = [ "Alt o" ]; + _children = [{ MoveTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl q" ]; + _children = [{ Quit = { }; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"move\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "move" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"session\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "session" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ SwitchToMode._args = [ "tmux" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"tab\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "tab" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"pane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "pane" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"resize\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "resize" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\"" = { + _children = [ + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_among \"pane\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseFocus = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "PageDown" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "PageUp" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "left" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl c" ]; + _children = [ + { ScrollToBottom = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [{ HalfPageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl f" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "u" ]; + _children = [{ HalfPageScrollUp = { }; }]; + }; + } + ]; + }; + + entersearch = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "search" ]; }]; + }; + } + ]; + }; + + renametab = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenameTab = { }; } + { SwitchToMode._args = [ "tab" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + renamepane = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenamePane = { }; } + { SwitchToMode._args = [ "pane" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"session\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "d" ]; + _children = [{ Detach = { }; }]; + }; + } + ]; + }; + + tmux = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "space" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "\"" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "%" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "," ]; + _children = [{ SwitchToMode._args = [ "renametab" ]; }]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [ + { Write._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { GoToNextTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ FocusNextPane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { GoToPreviousTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + }; + }; + }; + +} diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index 92d4507..47492ff 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix @@ -5,6 +5,55 @@ programs.zellij = { enable = true; enableZshIntegration = true; + settings = { + pane_frames = false; + simplified_ui = false; + default_shell = "zsh"; + copy_on_select = true; + on_force_close = "detach"; + show_startup_tips = false; + support_kitty_keyboard_protocol = true; + default_layout = "swarsel"; + layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts"; + theme_dir = "${config.home.homeDirectory}/.config/zellij/themes"; + scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines; + session_serialization = true; + + copy_command = + if pkgs.stdenv.hostPlatform.isLinux then + "wl-copy" + else if pkgs.stdenv.hostPlatform.isDarwin then + "pbcopy" + else + ""; + ui.pane_frames = { + rounded_corners = true; + hide_session_name = true; + }; + plugins = { + tab-bar.path = "tab-bar"; + status-bar.path = "status-bar"; + strider.path = "strider"; + compact-bar.path = "compact-bar"; + }; + # configuration = { + # _props.location = "zellij:configuration"; + # }; + # filepicker = { + # _props.location = "zellij:strider"; + # cwd = "/"; + # }; + # plugin-manager = { + # _props.location = "zellij:plugin-manager"; + # }; + # session-manager = { + # _props.location = "zellij:session-manager"; + # }; + # welcome-screen = { + # _props.location = "zellij:session-manager"; + # welcome_screen = true; + # }; + }; }; home.packages = with pkgs; [ @@ -12,8 +61,8 @@ ]; xdg.configFile = { - "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; }; }; }; From 4464041c31014115db33d2ab38090cd836387851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:45:08 +0100 Subject: [PATCH 2/8] feat[server]: improve nginx config --- SwarselSystems.org | 97 +++++++++++++++++++++++++++++++++- modules/nixos/server/nginx.nix | 97 +++++++++++++++++++++++++++++++++- 2 files changed, 192 insertions(+), 2 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 6be1f72..b049beb 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -7049,9 +7049,60 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; + serviceUser = "nginx"; + serviceGroup = serviceUser; + + sslBasePath = "/etc/ssl"; + dhParamsPathBase = "${sslBasePath}/dhparams.pem"; + dhParamsPath = + if config.swarselsystems.isImpermanence then + "/persist/${dhParamsPathBase}" + else + "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + options.services.nginx = { + recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; + virtualHosts = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options.locations = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule (submod: { + options = { + recommendedSecurityHeaders = lib.mkOption { + type = lib.types.bool; + default = config.services.nginx.recommendedSecurityHeaders; + description = "Whether to add additional security headers to this location."; + }; + + X-Frame-Options = lib.mkOption { + type = lib.types.str; + default = "DENY"; + description = "The value to use for X-Frame-Options"; + }; + }; + config = lib.mkIf submod.config.recommendedSecurityHeaders { + extraConfig = lib.mkBefore '' + # Enable HTTP Strict Transport Security (HSTS) + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + # Minimize information leaked to other domains + add_header Referrer-Policy "origin-when-cross-origin"; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options "${submod.config.X-Frame-Options}"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; + }) + ); + }; + } + ); + }; + }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -7064,24 +7115,68 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; }; + users.groups.acme.members = [ "nginx" ]; + security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; + reloadServices = [ "nginx" ]; + dnsPropagationCheck = true; }; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ dhParamsPathBase ]; + }; + services.nginx = { enable = true; + user = serviceUser; + group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections + recommendedBrotliSettings = true; + recommendedSecurityHeaders = true; + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; + sslDhparam = dhParamsPathBase; + virtualHosts.fallback = { + default = true; + rejectSSL = true; + locations."/".extraConfig = '' + deny all; + ''; + }; }; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; + }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu + + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} + + if [ ! -f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; } #+end_src diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index bccbcc0..cfe9330 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix @@ -3,9 +3,60 @@ let inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; + serviceUser = "nginx"; + serviceGroup = serviceUser; + + sslBasePath = "/etc/ssl"; + dhParamsPathBase = "${sslBasePath}/dhparams.pem"; + dhParamsPath = + if config.swarselsystems.isImpermanence then + "/persist/${dhParamsPathBase}" + else + "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + options.services.nginx = { + recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; + virtualHosts = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options.locations = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule (submod: { + options = { + recommendedSecurityHeaders = lib.mkOption { + type = lib.types.bool; + default = config.services.nginx.recommendedSecurityHeaders; + description = "Whether to add additional security headers to this location."; + }; + + X-Frame-Options = lib.mkOption { + type = lib.types.str; + default = "DENY"; + description = "The value to use for X-Frame-Options"; + }; + }; + config = lib.mkIf submod.config.recommendedSecurityHeaders { + extraConfig = lib.mkBefore '' + # Enable HTTP Strict Transport Security (HSTS) + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + # Minimize information leaked to other domains + add_header Referrer-Policy "origin-when-cross-origin"; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options "${submod.config.X-Frame-Options}"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; + }) + ); + }; + } + ); + }; + }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -18,23 +69,67 @@ in ''; }; + users.groups.acme.members = [ "nginx" ]; + security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; + reloadServices = [ "nginx" ]; + dnsPropagationCheck = true; }; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ dhParamsPathBase ]; + }; + services.nginx = { enable = true; + user = serviceUser; + group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections + recommendedBrotliSettings = true; + recommendedSecurityHeaders = true; + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; + sslDhparam = dhParamsPathBase; + virtualHosts.fallback = { + default = true; + rejectSSL = true; + locations."/".extraConfig = '' + deny all; + ''; + }; }; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; + }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu + + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} + + if [ ! -f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; } From 80afe6964d9a4f0ef4bc460c61de4a956398fd84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:45:44 +0100 Subject: [PATCH 3/8] feat[server]: improve kanidm config --- SwarselSystems.org | 39 +++++++++++++++++++++++++++------ modules/nixos/server/kanidm.nix | 39 +++++++++++++++++++++++++++------ 2 files changed, 64 insertions(+), 14 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index b049beb..906a325 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -9694,8 +9694,18 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ Date: Mon, 17 Nov 2025 22:46:46 +0100 Subject: [PATCH 4/8] chore[client]: better pii management --- SwarselSystems.org | 40 ++----------------------------------- modules/home/common/ssh.nix | 40 ++----------------------------------- secrets/repo/pii.nix.enc | 6 +++--- 3 files changed, 7 insertions(+), 79 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 906a325..6230f85 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -12630,7 +12630,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host. #+begin_src nix-ts :tangle modules/home/common/ssh.nix - { lib, config, ... }: + { lib, config, nixosConfig ? config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; config = lib.mkIf config.swarselmodules.ssh { @@ -12654,43 +12654,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This controlPath = "~/.ssh/master-%r@%n:%p"; controlPersist = "no"; }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "bakery" = { - hostname = "192.168.1.136"; - user = "root"; - }; - "dgx" = { - hostname = "192.168.48.200"; - user = "swarsel"; - }; - "winters" = { - hostname = "192.168.178.24"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "milkywell" = { - hostname = "193.122.53.173"; - user = "root"; - }; - "moonside" = { - hostname = "130.61.238.239"; - user = "root"; - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - }; + } // nixosConfig.repo.secrets.common.ssh.hosts; }; }; } diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index c5fac9b..562f68a 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ lib, config, nixosConfig ? config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; config = lib.mkIf config.swarselmodules.ssh { @@ -22,43 +22,7 @@ controlPath = "~/.ssh/master-%r@%n:%p"; controlPersist = "no"; }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "bakery" = { - hostname = "192.168.1.136"; - user = "root"; - }; - "dgx" = { - hostname = "192.168.48.200"; - user = "swarsel"; - }; - "winters" = { - hostname = "192.168.178.24"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "milkywell" = { - hostname = "193.122.53.173"; - user = "root"; - }; - "moonside" = { - hostname = "130.61.238.239"; - user = "root"; - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - }; + } // nixosConfig.repo.secrets.common.ssh.hosts; }; }; } diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 85d15f6..48ee1ff 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:FMhv0WezQAH1OX7F2WlgdAEn54aAZtCXyFNP+8CboukwlL1+VzzcsjQK7/KJqXiHfIFHfn7N0P/y8tk2P+A2Ucbl1NYxj5IgfL7ohAACDhAVkofCM5CD4KcE1DoL4Ja56K6qkjlAi/t7NRv6tUYIr+NZqr2g70F0RQbgF1dkdpxW1JUNmreF5CnXDYtqz6+iMpekNXkj+wt/Zc9lQ/zW1fP4IH0C64SG+lFucpseOwP3YhvjFpzyT/11+uiStc6l2r+luNT8eJsaCYmcSqK5+1lJglIph1k4H+Xy1ccRHHeesy9+ySaGBP3h5uY9+JOdYe5fO9SYZt0cKO4Oic32Yq+uZ0Ldu0hPzDN4MMHsBP6lYidSXqs/kVgxEbPJ7T0RnQmFCVDhWE346HquZBfrGuxBOu2ifkxAFVHJyGaItOk2wlxcPDbU0P+t584CXlVIdGRS/mvW4xxXBCVlEi+QM8a4JcM7y1RJZV6S6R1DGC1nXgdscpcRGIfp6BcKPmSB2vZO8rx2qOMdUPS0FEOEVnHsvnwczGZHJuq6WjxvLNnzBH4gZtc30OKimlxXhQA6qyjupH7P65ayiFt9vvT/fFnYZr9aABc2xbSmqyJZS1wfvl5JMQWnUayigxfzYMdxuMC9+8SCykqXmy7hDlJeBBobSxdQUVhHAprY/sn+FOBzK5ZYb0wsavXI9w9sUSdQiU4XIxDb/FXJgs89FZ8p+uWQ1vFglF6XYR299LScIN7CsvLyGdk1idr08WCc92+9DSnSv9onM1UGD6IkSjMB3SoexuGa6Kj5yi5qyAOtvmMl8NwJn8Xh+gEE+FSUi+GAhh+aLvNbiIVPPmNXgI2+slUn6bzGDLk3NQMMeQ+JrX/SdT7q9Awxe9jtdsej4CGINrrTYKHsaPocVQkK6wpiQh8XbvxKoOV3UU3x9ouEVUjHrN06UbXWFXQSjEz5QXdtjpyTqxi6AaoL8M/yFTL4uB2ahPZ8bC17ZVq9eXwUtHIyKwClbTHTzlkJzr7lR7I1zWLtZIKy0pr8Si5DEkIuT7YCo5w5Pa3Z9DCkdAAL2t7TNTdrQo3H/iid7YKupfCeQxYYf836toX1Ff7jTCLtTEbfk3fOcbpu4uD0geWx4vI6V5lolJJ950ETnx+pq8EFVEk5D6VSfGo+Hl9c2xZ9UraYo9I0HzSSe12FSEVF/anKMVhBZGxdIxqCQQuu/FSNhkaFpmYpcEgodmFGQbAY0OworSg9ZnFWVMgQ33T/cna9Ene4AZ93DJaNrlzT8Jk0QIqCQjIIiZwUqPxABk0epNMLMZzZBJ/8nwN28YU5/pp4c+53RYPjMD4NlC/P+JXMxF+bidSOSYHb4Ucs1vIRljDSWumb46ZXoV+4sCBSdG0LjNVLkyx9P2vYhcw5G1KduSrUMY9VVOePcVQGYfsWjyi0nLyWadu9UUASafUwkOo2JoEjIdKWqg3zQRYIMr0GYp0Kf1EGVTPRPOApnbyLezDQsSnSZzakcJ1qDSFyLjlBMwoE5Rmndp+TS5kUEQaNeJQb56tTbDLWxlpgCoDgtfL5q+gjuVsjwkvUA9o9usBF+hndDl/fzs/ajR9q8V+hBS4j1AQROFRQhQv7vYdGA+Q3z18nTBheY2MgzpGBUwOEFuJJ+ndPANtVC7EIMz/rwKg7g777cwYLHyiJG1Rtj+45w1DmktS7sIyD0/RUt7ApF/v6PeMY+lVjXCKUfgNDaeiHQzKQpCF4+O4CThKa7Tg0keKI4fuJMoFEqZcfEr1TVEFg8AKcBzqdHMyUeUDyLIf2Sp7GJQXTbNA7TlCI5iABJ9McCK01RMqf/1Ew6NJfNDp1yjMd3NpozvAvMXIunmjUjKHzraW+gw/+z4XCq9ifALcKes3Y1R/tQmVfymnMGGoB3bErSIRIDA47IeR5OnrNVwrTM+l2Ew6jFBoWXH6pfaPj6SkdNgOEPp1mHlHf/x9YDBp2ZmtLAG3vlf4bXk0PQhNIb4bm71WyqqFiYwrI82o0Q+UocSxo/lNnLuvO3OxL1P9tp7OPi8kiB7G/D65qvE653xgXmo1OLk+RBJjhqSxBrPJTNbEcPhp36xjg4QtE9alC0XvzKaGUR9GawD6ZEmgE5payDSRXMPD1ZHx8dxr4wdJmxYFpwXFH8UheiKk2dhoGLkMoIempdsmteyaBh+qbeomXaq0+ihHAHkCtzQOc83cr5OS1tmcU1LbsHQ6ZMfBtpig/yWUdpGzFFTPPVKKx2+bWOkOW44IfkLsnAVjo0fvofnL6wuFBKVVF0bfQmlWBheR/VeVrwEjbxTfVOqRmBsliBSxzr5A5FsK5LGfzsyll/8IegLuE+412Kj3EZLVx3c+xq15oAh66/5JaiZ2C69azvb3gPr5NryLFqW0a5gxw1o3SiOA/L5mgzhqvFpf2+dfXLebahVpAYCpP+XLbYTuDiIbCJouUxBMWZgsmaIcwrGKecixLa0LtESsfLSi7F7jk37OlrOaR1gW0PHhYDfmXq0fqHPulthCWEbm76xSCbuLc9L5FI4Kc648WkxXXR8388mv4xIFAURcorse7DObygZSOx+BW8zynUs7NexXnT9OGa9vTB0OTWadOGXNSIL3LNCmoGNtxjfMCfl+CgAWFQxC2OkajkLxu2g0Ff9eEBNUQGrs8EzMB4wKPDHvtnNrezq0NMFsA7NDyl24taCXZ9jNtk6wsq2mWPW+BjvmlwK5Q8VgMXGLhxDXn4322s5NXDZc2GrafflDgAz8cdMWD1kwj7I+V1YRR4BjXikON3ZeDc3IkvW/ZPbIklr1IfAz5dZ6/pxo1TOHbfkxeS1/xW4+QnCBNznoxMH8QpPnm35Ch++Hl5raSegQ1iDGcGaTu7cG3f3E9sAI8J/x9xzps0kybF1B9ngyvLP+Y+sQ6plqaiWhrAtOtSvQIuZwIqJ6CLTVvGGN0CJVxWz/GU2cxL4ierNmSmni9MroSWz6U+M5K9P2rAQdskIwv0pcZ/esk0C/IHRZEs4DbaFBTVJoPk/8eMKBhxXmomAOm7SFRTp6LMD7OrD/ext2S4cWXbcnXY7WX4+R2GT4yCIo0au3/CLX6znK0o4ml8dH6FzClJCiWL9pc3tFbCh5iCiIGaCXFZmAM3NStD8XLKvqatFxgmK9I2jSN98eSSMU8MexiRtTttzza/7Nqj3/3nCM1Qw4sIEC+a8TWjHJeE/6tJ9JyAHEYZuhE9P3AbECwa7nIQB5NbKF/IDrHUN+fw7mKEPMgbMBQ1ITWg8Glmb2trzms2WlxIm071j+9jYEs/F/n9/mzX6/iyCRegmXUhN9rcPr34GQiw4uLrWKnRhHMQNwOMPVOG6MgPm9+eYBExY7Avl/Evscidd6uewc/+z1soTNIh0qjWS5R5ubgET+Y1G6B68dVrqLE9rA9Z3yIfcp8q/mal+qlkiSv9Vx8285CcM1H2nmXN40zGO3Ad9kVwsgzoHknIW9woUNly9GZeeSx6m5GCqAR7RFsNh6G0xYE7gtWoNs5xhGOyY7Dp+6XhYUPJQJF/kJkKmfFr/0nzXDjCqC2Fdc+OO5ao2nMod3uXFFUZBZzms0+RM0fcTwDLdaEkTw2q63ik4yRcBL7k5uMb7YTeZTitKFmaqPfq9DNgs+hItzDDAUBiJxbww40Z7O1kByg5J2PHU0Z0QJR5pXdMIwakLsKBIWZ7vVWGTmiPM46uRQSrdmjLUVCpanXk4OnRp2JA/Enhe76eASIN0rmHNLAPgzY5H8uhdAnlZ83RZ9qacOgQbjQ9s+rvUl+LpbxnZOolWcVnGUHZj/u11AVIz4VS6AB4g2rFpxSpt0welvuvngshOW+qpzIiw1k0oXsX4WkvxG4s7dwlfAUuYpJCU92EtSkF3z8qBSG35J6k156nXul/zIrxsYv8iuj7Oc5YwceqPhWNaysdRfueEgarfTdJiLisKqeWB8JTEFLDQCHDrbT8krWbbxe1e948grStUpx86BhQIB9bY3lleGgb8J3NNbU1qIltoVwxegECm2CyoA5NHJG5pLaaYBRlWlQC/VZMoo385DQL3k/Vsrn31qdNc50aPisQnqrKbqCdIcdG26VnXkJC9gyhHefzXwu+VkvJJ4eGBmRZF+eB7enzyjHaqjLXJJuk2drsDzWnuAGGA8Ys1KN/mJY4tF741Ba8rZmr/4BcPPRzR47PDOtBQsaI7RsdX+DoVsdgX6P8b3iVIuEm3DHjZlaeQDqFqrp/Q9gHEAjUmpa+zAk1wZ1XU5fw8YiKj3xP+/9pQ5QHqU+IkeZK7306b7rywI7PJf32QOfaSFPBiPI1NhQsBRoVbR5VKNiwK9nKA6fhxiWjvHqcCI8+MoxWhXbq2TwSfQLg91+NwzAUaH61xR1dQw55UAAUS0HfoZTSKqyyIffTNvF6ulRJITMtr6h1q0N8cVdZln0zTBT2k8uMvt5z5RFc58XpRhm8FXXx9LYtlMSdshVhYYyqepMOnhn/4UU25aqQ6swVmsyoJgFYM9ABXbMlFIGVivGEptHDEA5EFhfb6uPUHFmMKkT4rV4Uy8h0h2P8vEitCRZLW/VM3t14/2CN7IT5EQqmKyei+CdKHXiqJlb+Oi7bAATLiroIRoRdF9Ydp1nDRgU6XMxfv+60o2Cxkal2lSmM9YsCByLXY0Zefen0TNca/wndhuRkSJ/GVu2+E6OZtx9zfC0I/GDV4g8TfK3GLGINXBwifOrTcPTyaRgGmAO7OmhNES1pgEvebbeTJipVvq6PCGzVMARsQMF10eHvZQpgMjSq0mSSyccW4BF7PVF4013hgZuT3ZzHHN8zPUyRPifqyLYc3grL0ZOrY6zM+HWM0WvtE3T0u7psdxdxkqHWIxaCnbn3w8H/pqjBb5f6xWjC0auzM6lPtJ6zZ28TBuwSm2ovcOpeGVUx0iYMGLrRty6Iu02,iv:0rzvTEH041voxTfHnSlAfQx7SyBvcY6fUQxbmfqyGmA=,tag:CmyhGqlyXqI5o2H3T+otpw==,type:str]", + "data": "ENC[AES256_GCM,data:AmILjmXaYip12IA3T3duZIb7Us6FSby/gdbumUJ69y9cU5CK84W8A5zNIv/pNorvbI/d4d4cwcIWOQJdb0vMnTx97ftaPJl5rK1TaboL+CbbZviIE6HTTnkZlutdFjjqzkv9TCcJ1Cm/Krf+/AiSX2bYujzggBMhrOpkb3Wt7iTvxpSahUZkyRLJTDkY8OJdc4uXTpZIoPEEWOF/ZXOdEYOuNvES0dGwzCLhmYBf/yWsRgr7ICRSH0k14lsQRmRa2ZGq07jNlu/f+zXtIR4UMQC732ERLFBKTdqcvFffhKYuy9xL2FNJFuCZ+FXsFtV1Y0YQYeR3B/30EHxLrqiRzF/orkA4mdFgdBqiOcTJKnOeanGF2Im0XiZj6XjoAftHINpX6SGVZOk2mgd8e5giNcMew7izQyQdwQBnG0FKaZvLFO/5YLUdRN1kdtNaDlJ634L1y5lu78TWrXlAQxor9mS5nUQEoW3i6KDOA8OQRsU4xcWAfMTOTRS9Qdgo4fBupo+kTuztRHjv9Tyb8UvMtjyqngDSsmKcURNQWM5mO48g/tP9rtRY23g1B2no//LR+NmhutR8mHjG65GbH+eqF81fI/kqMVZrbXIkZbkh8W6Hg22CZHKQMWTGP+T/25XhnE1qEFs7VlYWHdIZr2c4bMHhNmI5DqEinn2qEe/5YtQ1de+rQC/3X4Oh0+6VRaJvJ7RKkqbUFMUNrgsrrRgnmSwqlvVOykppWdHxtnbUfmjuhXM/Fk5yUWgDA0qPofmcSNAfxzCDkpc5YaNXERe+20xD98VyRvYZS+OTywes5ComCXh1vfO5NpHbPoI2NbJqgJj2Kg8QsJBCRqAMECMAK/rm/adnmCAMGqHzd0gCWyWQr+sxXQSnst+9SXKFB7hsUQYm78hO9Tj+0CJJ8gZFc9GD4RimDbxu27hDcf5ycPqTJ1PqHqHJkGXT810bT1ArGv2udWaz88PONfYmfL2kvdcZuJtYCKRVLqZnjl6MKee3HN9O/MTCxqrE7ZWhZhHTwkgqWcrKFmUMedReUdcVqn8bNkeo2jlgHKHuilRIt0nuQtSNlm1CEBzjCS+c9sE60inlJ+HOnI7ZppiiXBadI6i7MZ5+EUYibjck0vApxm1MRPonZg7j9VHJB7aXkNn2YwtDo4ihjlmCt6AZRgoBYJ+jIwaLGpM2UYEX16E8QFdSWqE1ncFH2Gz5TswqDbztLGVRplRs1Ayn9XmHSkh9mfK+SDAEFy16rnBY6QuI3Xw9g6sQ5x4Usw2m5qoJ8qxTJzzCjDndqYWMeSV4z9Q2x13EB75sK4wBlN1oLn2ubxSiunHss/4nIARDsTGHYO2ilPM5ekajN/v5J5IH5dYwE9HT2pqtbtjo5Zk3JvL8fQiWBQDufjDfYnaLn26E/iu0Xl30uYLI1NwAxvGEPOOZ6fndBPkNYz8KNq2E0A7zv4pyDqA44/uPkfWJnWeVQXoYHOGj74Cc11+bVm6s0mjv35mLTg1EadWJZgQG9I+NHMXL+uvP6RGkX4oXnVT7rQHItv0jz27MlxK8/fm+UrOgFGYX+Pq2Rwam8HN0IprzH9QAqODhuNwTe4CwWS+cIk223/5t+M2NWems2p6JKxuZ08KkPseUQnwl0Wxu9pFKYSBctlgTrJ7Dp83rwbGHKDgB5ZBimsp/uT83dJrFCp7Rpks1AnLSXo5rn6p60Do8P3JfzXhLJqi3jHp4Wl3Qu9Sejq0Z6JVPfNkf24eIbQ0rNoSi7ruybSryXPSH5EPgmN/Sx36etCJ7/3XPmSkCRg0/o7gVRjbHvuNdexyzfR2UIHvm2qzWQDiggQyj3m/JWvgsqNBBAhcIiuv6eCznRDEjOUHXLqTYiz9NUJN8H1rxCg8dCBIsLfNwDE89edU7NsIGCqepbpos5dFzOPHrr8sCYwA5Xv2amQ4PJtULHrymz/SYwkVG60UWo0rl332a7bi1CQTa+MyGjbD8OTOMvr/itUrthND81oD+q6cK6B74qtrj8E6HG24yl8vJHIO4un1ZxZkkjUGP0pIRT0vd31sxQxUU2REeq+7Q1B3N9apbr49wYK+8EVBFwyxK+Ok72BIBVvZY82kNmUhBtyIOsqhT4e+c5VQ6YqKO5W8b4F7vSCGhzkbCyddcdhxWzoSKcFv5/mAxBVqnk9aXWMs1+x8lyfANRE89qYgjmw5hONloCL2hZVL28ykGt7wGTVFL6bOjpLaa0xUrfhraEiZCHyrOlqwYz9QDjmDmsURdW4plUwJa+8J5QVu73kC0c0WZ5xwoQppw8eUS3rGt+e1PaKByNfEPD5LLd17QFBdWzdiCMlVCl9M7+gblPbSMCTfcNNnB3MoBzD/znN2pEyNlwdJaMN/+kCQKSNlRh3U4oPAutK0/S7n4A5V4ZylRVFQ/j8digntEzr64wixLfy4L4hEVXroraY9/asciAS52+kXWSdPKqWPbzPsZBTVw7+aYXlwYzHtbhN16LbNSOS79lKbS1E2vSOzwtq1iKkB9ckjdAZebgIaL6wSGQDP6MESDqsgpPwwpr0faOjOz2tc0Bh+FUA0qIHP2WUSZUmws+gurPJfsLgm9OrK8YvzClZIG4Jw0BYHE9PPYfColMic5mFVIGGEALFcc9xx4G8Mh0lqTaDbVaJONQbQ2kzbJ70TiqISlaHxCpkeyH7Hg1kHuBCOUZUUe1Nh9vyxkQoW6qzqZa2H0+j1xqMmy8tw/sB55oUOkC0SzqQkS+7HPgoD/fMB+VVsrvOJX/YCSNip9NX1u5Yf+R91LiYAWnlT5CYnseSBbwyOQgF3ud1jN1QE/tnvjj3ASy2OoQbOnNhJUnoShxMGi8PRDv4tNHDFY/FbEmmiyH4q+D8j4FYkyxZorNMfxXVdDewRQNO5ZVyoIv6PFcKPEKHRqFrCGN46yT6MvjjeLqGAHanZkGBG766bg285gWRfXnR12ZV7g3mzbet8oWkL0W2os/LPjeMjSbEgtXVTFc+nHJajPKXDxQxx2N6kYopudyNgweBILLgbeLlCSZhJhyAWLpIOvlJ1PGNnbDyY2CR+SK4XH+8S+G3RwvOSW/4dJA6GUFv+Lweqa0j+JzrhSIZnE616IlhA5AlkVHySJKbFKBV7aQqu5WtWZz0uQRZdf+xQbPhMcKOh8L6OrMCJjDibJYgHLlf5yR2MawMpX2pkzUFpheah74+V7QQd6gBq6aqvLc/GpweOaxQ3h927EuiUOC+kkr2vT/lu/25/lfhpGzbL5sT0dxPbtVhymImMBaQz7tZpf/gUUu56LJfyp/Ct7XJEKOsN7tJtuJYsLL7NcqxB4X/fZz5wPfMr4SbJMCz+0AilZCRvXfJ38/LI33phb2RNE89WbO/PSTfphNBTgO1tAouIk1bvvILz3ObHM6bmjdb7FaFuP5PpzzS17OP3Yregz02STonGg/Gwx4Bw49Je535nZShuuhbuDdW20g1Af5mYXfTusLDMorddn0G13aNPpoOxEB8vFosnJsq8gi4Bei1WMTTaeTemNEbsdqFn3/7AYbzVtIGm2JjQScZ98RNM/j0zPE6u7tCd8YOStdAtK3aHtIm6lTvYb5eP6a9kpgVHGHaqdLey4F7RQE2Q7TNWH0A0NIsSEncvxTFUuqY2ERxN5WITBhPoUyPIvyXNkdgt1iwAMeSYs+emEQFrJ8uMb+gZ2WNusCMSU4IdnlA/ndAf+0hM2giaiWZ8xMDX0CzVxjye9ijId+XXJQqpxlsLHjc+ZD6sqYFE3nQrx6YRoa0eV3qBQCnse7aWbIqt5+Y+lG6GNQRIcwC7TzOxRY/d/iorFl2lw/KbkClb3LDlaz+wyTtBB6CEggPtdGebuM/9SGzn8waMx/m3vlRgGriJSyuDlqhQAyuaBDm56/hVc1/YhByL08zYgsUtLg7Dn0Q7JmpdKs3p35fz/9IhGNa423BrMHxo+ga/nsBU9U59jZm7aBfJ1LFbA5Akls6BUi9QFE37Z9Vm8u2bS1TGPAptvIVkGN6cmhJJsNApYr0g1gPUY/bNOfE9rTat4rF2bolXLf+sf8UHK1gTJ/HOCehJqoLf/VVS4NEpmWAeP0Hjw2/4t8/e9qH/xYyNzkSqhTkUI5BHPOJo1CtjiV/0k8MxkPo2yVpfIG3gDajg7lsSrlGi+ORwJOOYWxC/IEZZz31+NbUFMl7SC+ZXWIvftZF1y3noOksT+wHYxnRXQGe1OvuyaAj6Txniq6zTwy1dieHiCjSv46JRyygGw08xexERE1n7bLtIWSZ18OsYF5gf2dc4QIYSlNXG3di+MQPbjH6P0VeI2rznXyp4AaIYIGxfT1fUP24S50HUID8M+67gtaCrrJgfW9Hy9m+HlRO2EjNgDdlyh7hFNflGJeWUZZ6alFN72lVjuWEgsI+HCodNT57CSyiYJ/FtrIQaw7FNt/XQADCz+0yM8vJB5JR9EiVjSHYsaO9Xn9KqfJyt+timVw9HdfTT49lXQn8U1qtxS3uGMkHmmcnV5Ogacjt9Y4IhUaWP58pAe2l2lEyC4MRt1LMOrPVmuYWb4zkBS0rvwpoLx8rN3ijcetpJukRIGGivXDXy+6cnGkAHx52fIPdyGC6rx2KCIPdFfUzZC3wYRoTe/liub82wZXk1ZACcGv4+myBcwE4GtPJV0gctxzryUJ0eaAxkGxvklUMGYfgeoYKYUk9YZGFhQ/HxgB7LqJnDQjKVNlpFzWxyMkYqqLAC+owj1uJ0WuMs704AjE352/73bqwgYbYnD7p7wejEYHPofqjI6RoBIJRtWREVYHdsGCdmuyLbMDA9tY/z7nA2ei6nnUG3hyb5S5M9GL9tQxWFpCFeYBJEyl9S1COmoBSqy6n5Yhk6R3N+d0rkSqGb3z+uT03IjXmKJAfcwvWZWuUWTmQ8wJsUOsCrPOx/5sbsynyvkoJWtdgZjuia2gZS50qpMJFTUUKbNkp/wx5QT9z+tMjviC8JWFXB+iBLnKiWRA38AO2a5KtyGVy39+urMApJD9/Cem3NMyKTzY8OqFreZsH4XOBa45yXNo2psEY6gfjtD9Apn3dLUMSWcjRGXq5qKMgX40KhpWgWNCc2IlBGTQ8XFN40g4sDAQ/GxBQeik3CNMMERBxTCeNEx1P2Ju502Iwt5GiHtDedy2Y5HXrUKV0GYIn15uuhPGdPTErAc1QKgKxFq9b0yC4IVzkrnKRVbqI0BSCaswAzf4TUyzkYSf8Zfs9BSb5bzu9o6eN/x1cWGJdJlI8ATZebOcMBKkooDOhZ0T+b2bW7zvZdnj4IKqklvZlnmBvGnn55QiwpvCkhmGrg5+j9Q9QiTGai9h3Xt2Y8SVZXfltwXITeW20rJfWn0s4DoyfPWqunApWv4TH6/6uF6OgJNGOM7gLnH49K7MMVs3nCAmjkE7Gggmt+zzJsuX7gI9eZF8iavga0sRTSiF635pr24wiJL6tsUFzvJ/A960hhhC+Yt19E6AmdtTn9pPIk36O27G4qwLWOehueMpmQhzG07eWiY446iJByaDztM6WoYlqPAS/uaswYUEAUwHb4eZDsRwAgSCwi/djCxKWXqAoFzVftj7dsiljLvxqN+U39EM7pWBmnPGC5fLQ==,iv:jyofVBu/fxKmEnJPR5e81m8nnbcXf9i944mGH3rbcrQ=,tag:ILjy6UClUAyJmut255ZsKg==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-21T17:52:25Z", - "mac": "ENC[AES256_GCM,data:SNsmzPknGzx9H7baoKo8gKSac/86sW5em3MKyhYFUxfRhZEtkUwkzz6KwDgZ4YCBzUlLrToiLUICA6KPnkXDHhKBh+8dyyVlB8ISU3gDbozjwRNA78oatLlA4h5sa5RADLha9j7Fr9euy4rcrCmk6jpL26RmsiFZhzaAxhkal4s=,iv:hmRyoG9tW5Wl9AKxWDW4Hv9Qvb5zlM4Ktrk0Q8jsVxg=,tag:ofsjndQpjLmnCMvz1NTsCA==,type:str]", + "lastmodified": "2025-11-12T21:23:26Z", + "mac": "ENC[AES256_GCM,data:YX01kVU0XeEFDtZokPcpZ0rkFWFqY29L8/vEEtBv8JuooEC8+P9GArK1yrOlAh80UnQb3aJC76lVLFJIToeUmSImvJzD3YBril9YQs5NsBKCxwyroMNOMaKmR7Lzn15rfXhBCtjzeLe8ILyzTtUrW/VqwPuO4bqpqd2fdKSAVzk=,iv:QDixQGXUITr9SlQs4kJ/daUt/THafb5UB81xmw4eZIs=,tag:vC+H/fBJ7CcwL+n60QMu1Q==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z", From 6152fbd623ab109b1e00e5fe1b0fb98b852189d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:48:33 +0100 Subject: [PATCH 5/8] feat: add quickpass --- SwarselSystems.org | 26 ++++++++++++++++++++++++++ files/scripts/quickpass.sh | 12 ++++++++++++ pkgs/quickpass/default.nix | 6 ++++++ 3 files changed, 44 insertions(+) create mode 100644 files/scripts/quickpass.sh create mode 100644 pkgs/quickpass/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 6230f85..4fb954e 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -19069,6 +19069,32 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w #+end_src +*** quickpass +#+begin_src shell :tangle files/scripts/quickpass.sh :mkdirp yes + shopt -s nullglob globstar + + notify-send "$(env | grep -E 'WAYLAND|SWAY')" + + password="$1" + + pass show "$password" | { + IFS= read -r pass + printf %s "$pass" + } | wtype - + + notify-send -u critical -a pass -t 1000 "Typed Password" +#+end_src + +#+begin_src nix-ts :tangle pkgs/quickpass/default.nix + { self, name, writeShellApplication, libnotify, pass, wtype }: + writeShellApplication { + inherit name; + runtimeInputs = [ libnotify pass wtype ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; + } + +#+end_src + *** cura5 :PROPERTIES: :CUSTOM_ID: h:799579f3-ddd3-4f76-928a-a8c665980476 diff --git a/files/scripts/quickpass.sh b/files/scripts/quickpass.sh new file mode 100644 index 0000000..3f95abf --- /dev/null +++ b/files/scripts/quickpass.sh @@ -0,0 +1,12 @@ +shopt -s nullglob globstar + +notify-send "$(env | grep -E 'WAYLAND|SWAY')" + +password="$1" + +pass show "$password" | { + IFS= read -r pass + printf %s "$pass" +} | wtype - + +notify-send -u critical -a pass -t 1000 "Typed Password" diff --git a/pkgs/quickpass/default.nix b/pkgs/quickpass/default.nix new file mode 100644 index 0000000..c13b8c0 --- /dev/null +++ b/pkgs/quickpass/default.nix @@ -0,0 +1,6 @@ +{ self, name, writeShellApplication, libnotify, pass, wtype }: +writeShellApplication { + inherit name; + runtimeInputs = [ libnotify pass wtype ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; +} From 2dcab62151b241134dad107762ddad65db6c6267 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:51:14 +0100 Subject: [PATCH 6/8] feat: add remote disk decryption over ssh --- SwarselSystems.org | 125 ++++++++++++++++++-------- modules/nixos/common/globals.nix | 4 +- modules/nixos/common/home-manager.nix | 1 + modules/nixos/server/disk-encrypt.nix | 88 +++++++++++++----- modules/nixos/server/network.nix | 2 +- nix/globals.nix | 6 +- 6 files changed, 162 insertions(+), 64 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 4fb954e..8d0fd08 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -866,7 +866,7 @@ Lastly, in order make this actually available to my configurations, i use the =i #+begin_src nix-ts :tangle nix/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix - { inputs, ... }: + { self, inputs, ... }: { flake = { config, lib, ... }: { @@ -875,7 +875,8 @@ Lastly, in order make this actually available to my configurations, i use the =i globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit lib; + inherit (inputs.self.pkgs.x86_64-linux ) lib; # fuck + # inherit (self.outputs) lib; inherit inputs; inherit (config) nodes; }; @@ -921,6 +922,7 @@ Lastly, in order make this actually available to my configurations, i use the =i inherit (globalsSystem.config.globals) domains services + networks hosts user root @@ -2600,7 +2602,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/default.nix - { lib, config, minimal, ... }: + { lib, minimal, ... }: { imports = [ @@ -2652,6 +2654,7 @@ This is my main server that I run at home. It handles most tasks that require bi }; swarselmodules.server = { + diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; @@ -4435,10 +4438,10 @@ in }; subnetMask4 = mkOption { - type = types.nullOr types.net.cidrv4; + type = types.nullOr types.net.ipv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; }; cidrv6 = mkOption { @@ -7244,7 +7247,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault true; + nftables.enable = lib.mkDefault false; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; @@ -7282,40 +7285,86 @@ lspci -k -d 14c3: | | Kernel | modules: | mt7921e | | | | | | | | | #+begin_src nix-ts :tangle modules/nixos/server/disk-encrypt.nix - { self, lib, config, globals, ... }: - let - localIp = globals.networks.home.hosts.${config.node.name}.ipv4; - subnetMask = globals.networks.home.subnetMask4; - gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - in - { - options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + { self, pkgs, lib, config, globals, minimal, ... }: + let + localIp = globals.networks.home.hosts.${config.node.name}.ipv4; + subnetMask = globals.networks.home.subnetMask4; + gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; - boot.initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 22; - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - }; - postCommands = '' - echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - ''; - }; - }; + hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; + in + { + options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + options.swarselsystems.networkKernelModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; + config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - }; - } + system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { + text = '' + [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} + ''; + deps = [ "users" ]; + }; + + environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { + files = [ hostKeyPath ]; + }; + + boot = lib.mkIf (config.swarselprofiles.server || minimal) { + kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ + "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" + ]; + initrd = { + availableKernelModules = config.swarselsystems.networkKernelModules; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; # avoid hostkey changed nag + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ hostKeyPath ]; + }; + # postCommands = '' + # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + # ''; + }; + systemd = { + initrdBin = with pkgs; [ + cryptsetup + ]; + services = { + unlock-luks = { + description = "Unlock LUKS encrypted root device"; + wantedBy = [ "initrd.target" ]; + after = [ "network-online.target" ]; + before = [ "sysroot.mount" ]; + path = [ "/bin" ]; + + # Configure how the service behaves + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + # The actual commands to unlock the drive + script = '' + echo "systemctl default >> /root/.profile" + ''; + }; + }; + }; + }; + }; + }; + + } #+end_src **** Router diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index 8d226d4..c33aa95 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -13,10 +13,10 @@ let }; subnetMask4 = mkOption { - type = types.nullOr types.net.cidrv4; + type = types.nullOr types.net.ipv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; }; cidrv6 = mkOption { diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 0941d5c..3b2d332 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -7,6 +7,7 @@ useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; + overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix index dddc1a4..8c569c0 100644 --- a/modules/nixos/server/disk-encrypt.nix +++ b/modules/nixos/server/disk-encrypt.nix @@ -1,34 +1,80 @@ -{ self, lib, config, globals, ... }: +{ self, pkgs, lib, config, globals, minimal, ... }: let localIp = globals.networks.home.hosts.${config.node.name}.ipv4; subnetMask = globals.networks.home.subnetMask4; gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; + + hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; in { options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + options.swarselsystems.networkKernelModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; - boot.initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 22; - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - }; - postCommands = '' - echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - ''; - }; + system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { + text = '' + [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} + ''; + deps = [ "users" ]; }; + environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { + files = [ hostKeyPath ]; + }; + + boot = lib.mkIf (config.swarselprofiles.server || minimal) { + kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ + "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" + ]; + initrd = { + availableKernelModules = config.swarselsystems.networkKernelModules; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; # avoid hostkey changed nag + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ hostKeyPath ]; + }; + # postCommands = '' + # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + # ''; + }; + systemd = { + initrdBin = with pkgs; [ + cryptsetup + ]; + services = { + unlock-luks = { + description = "Unlock LUKS encrypted root device"; + wantedBy = [ "initrd.target" ]; + after = [ "network-online.target" ]; + before = [ "sysroot.mount" ]; + path = [ "/bin" ]; + + # Configure how the service behaves + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + # The actual commands to unlock the drive + script = '' + echo "systemctl default >> /root/.profile" + ''; + }; + }; + }; + }; + }; }; + } diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix index 90b8c0e..661e76b 100644 --- a/modules/nixos/server/network.nix +++ b/modules/nixos/server/network.nix @@ -15,7 +15,7 @@ networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault true; + nftables.enable = lib.mkDefault false; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; diff --git a/nix/globals.nix b/nix/globals.nix index 1b534d3..912f24c 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -1,5 +1,5 @@ # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix -{ inputs, ... }: +{ self, inputs, ... }: { flake = { config, lib, ... }: { @@ -8,7 +8,8 @@ globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit lib; + inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck + # inherit (self.outputs) lib; inherit inputs; inherit (config) nodes; }; @@ -54,6 +55,7 @@ inherit (globalsSystem.config.globals) domains services + networks hosts user root From a345846e620bf93239c4c02bdd5b12e72e8189aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:52:05 +0100 Subject: [PATCH 7/8] chore[client]: reorganize sway keybinds --- SwarselSystems.org | 151 ++++++++++++++++++--------------- modules/home/common/sway.nix | 134 ++++++++++++++--------------- modules/home/optional/work.nix | 17 ++++ 3 files changed, 168 insertions(+), 134 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 8d0fd08..9ce93d1 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -16489,83 +16489,83 @@ Currently, I am too lazy to explain every option here, but most of it is very se in lib.recursiveUpdate { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - # "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+t" = "workspace 14:T"; "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Left" = "focus left"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Right" = "focus right"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Up" = "focus up"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+f" = "exec firefox"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+x" = "exec swarselcheck -k"; + # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; @@ -18096,6 +18096,23 @@ When setting up a new machine: # }; # }; + wayland.windowManager.sway = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; + in + { + config = { + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; + "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; + }; + }; + }; + stylix = { targets.firefox.profileNames = let diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 7f24286..12ebb83 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -125,83 +125,83 @@ in in lib.recursiveUpdate { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - # "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+t" = "workspace 14:T"; "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Left" = "focus left"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Right" = "focus right"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Up" = "focus up"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+f" = "exec firefox"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+x" = "exec swarselcheck -k"; + # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 3e8c36e..ad74838 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -105,6 +105,23 @@ in # }; # }; + wayland.windowManager.sway = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; + in + { + config = { + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; + "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; + }; + }; + }; + stylix = { targets.firefox.profileNames = let From e31a97b6abbbdc31bbdbff234fd81bd76960abe3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:53:00 +0100 Subject: [PATCH 8/8] chore: update flake; rename hosts; setup hintbooth --- .sops.yaml | 6 + SwarselSystems.org | 158 ++++++++++-------- files/scripts/swarsel-bootstrap.sh | 7 +- .../moonside/secrets/pii.nix.enc | 8 +- .../nixos/x86_64-linux/hintbooth/default.nix | 7 + .../hintbooth/secrets/pii.nix.enc | 16 +- hosts/nixos/x86_64-linux/hotel/default.nix | 7 + hosts/nixos/x86_64-linux/summers/default.nix | 10 +- .../x86_64-linux/summers/secrets/pii.nix.enc | 6 +- hosts/nixos/x86_64-linux/toto/default.nix | 5 +- hosts/nixos/x86_64-linux/winters/default.nix | 15 +- .../x86_64-linux/winters/secrets/pii.nix.enc | 6 +- install/installer-config.nix | 4 +- modules/home/common/zsh.nix | 1 + modules/nixos/server/nextcloud.nix | 6 +- modules/nixos/server/settings.nix | 1 + profiles/nixos/localserver/default.nix | 1 + secrets/certs/secrets.yaml | 121 +++++++------- secrets/general/secrets.yaml | 131 ++++++++------- 19 files changed, 283 insertions(+), 233 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 1379cf1..f828b47 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,6 +7,7 @@ keys: - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097 - &hosts - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 + - &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg @@ -20,6 +21,7 @@ creation_rules: - *swarsel age: - *winters + - *hintbooth - *bakery - *toto - *surface @@ -32,6 +34,7 @@ creation_rules: - *swarsel age: - *winters + - *hintbooth - *bakery - *toto - *surface @@ -44,6 +47,7 @@ creation_rules: - *swarsel age: - *nbl + - *hintbooth - *bakery - *toto - *surface @@ -131,6 +135,8 @@ creation_rules: key_groups: - pgp: - *swarsel + age: + - *hintbooth - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc key_groups: diff --git a/SwarselSystems.org b/SwarselSystems.org index 9ce93d1..40b6879 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2620,20 +2620,12 @@ This is my main server that I run at home. It handles most tasks that require bi # mac = config.repo.secrets.local.home-mac; # }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = "winters"; - firewall.enable = true; - enableIPv6 = false; - firewall.allowedTCPPorts = [ 80 443 ]; - }; - swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = true; - isCrypted = true; + isSecureBoot = false; + isCrypted = false; isBtrfs = false; isLinux = true; isNixos = true; @@ -2746,7 +2738,7 @@ This is my main server that I run at home. It handles most tasks that require bi ***** Main Configuration #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix - { inputs, lib, config, configName, minimal, nodes, globals, ... }: + { inputs, lib, config, minimal, nodes, globals, ... }: { imports = [ @@ -2759,13 +2751,6 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = configName; - firewall.enable = true; - enableIPv6 = true; - }; - swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; flakePath = "/root/.dotfiles"; @@ -2789,6 +2774,7 @@ This is my main server that I run at home. It handles most tasks that require bi microvmHost = true; }; server = { + diskEncryption = lib.mkForce false; # TODO: disable nfs = false; nginx = false; kavita = false; @@ -3062,6 +3048,7 @@ This is my main server that I run at home. It handles most tasks that require bi isNixos = true; rootDisk = "/dev/sda"; swapSize = "8G"; + networkKernelModules = [ "igb" ]; }; } // lib.optionalAttrs (!minimal) { @@ -3071,6 +3058,12 @@ This is my main server that I run at home. It handles most tasks that require bi router = false; }; + swarselmodules = { + server = { + nginx = lib.mkForce false; # we get this from the server profile + }; + }; + } #+end_src @@ -3730,7 +3723,10 @@ This is a slim setup for developing base configuration. I do not track the hardw }; swarselmodules = { - server.network = lib.mkForce false; + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; }; swarselsystems = { @@ -4001,7 +3997,7 @@ TODO: cleanup this mess environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} + These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -4039,7 +4035,7 @@ TODO: cleanup this mess programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; @@ -4085,59 +4081,66 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/default.nix - { self, config, pkgs, lib, minimal, ... }: - let - mainUser = "demo"; - in - { + { self, config, pkgs, lib, minimal, ... }: + let + mainUser = "demo"; + in + { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; - services.qemuGuest.enable = true; + services.qemuGuest.enable = true; - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; - networking = { - hostName = "hotel"; - firewall.enable = true; - }; + networking = { + hostName = "hotel"; + firewall.enable = true; + }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; - inherit mainUser; - isLinux = true; - isPublic = true; - isNixos = true; - }; + swarselmodules = { + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; + }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - hotel = true; - minimal = true; - }; - } + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; + }; + + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + hotel = true; + minimal = true; + }; + } #+end_src @@ -4876,6 +4879,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; + overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops @@ -6931,6 +6935,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } @@ -7272,10 +7277,10 @@ lspci -nn | grep -i 'network\|ethernet' #+RESULTS: : 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:0616] -From the last bracket, then take the first value to find out the correct kernel module: +From the last bracket you then find out the correct kernel module: #+begin_src shell :exports both -lspci -k -d 14c3: +lspci -k -d 14c3:0616 #+end_src #+RESULTS: @@ -8299,6 +8304,8 @@ lspci -k -d 14c3: serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8319,7 +8326,7 @@ lspci -k -d 14c3: trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs.nextcloud31; + package = pkgs."nextcloud${nextcloudVersion}"; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -8327,7 +8334,7 @@ lspci -k -d 14c3: configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { @@ -13517,6 +13524,7 @@ Currently I only use it as before with =initExtra= though. hg = "history | grep"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; magit = "emacsclient -nc -e \"(magit-status)\""; @@ -19947,9 +19955,10 @@ This program sets up a new NixOS host remotely. It also takes care of secret man mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix # ------------------------ - green "Generating hostkey for ssh initrd" - $ssh_root_cmd "mkdir -p /mnt/etc/secrets/initrd" - $ssh_root_cmd "ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_key" + # green "Generating hostkey for ssh initrd" + # $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" + # $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" + # $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" # ------------------------ green "Deploying minimal NixOS installation on $target_destination" @@ -21396,6 +21405,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; + lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; diff --git a/files/scripts/swarsel-bootstrap.sh b/files/scripts/swarsel-bootstrap.sh index 3bc9432..a59ae37 100644 --- a/files/scripts/swarsel-bootstrap.sh +++ b/files/scripts/swarsel-bootstrap.sh @@ -226,9 +226,10 @@ $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix # ------------------------ -green "Generating hostkey for ssh initrd" -$ssh_root_cmd "mkdir -p /mnt/etc/secrets/initrd" -$ssh_root_cmd "ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_key" +# green "Generating hostkey for ssh initrd" +# $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" +# $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" +# $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" # ------------------------ green "Deploying minimal NixOS installation on $target_destination" diff --git a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc index 05564b0..086c4d7 100644 --- a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc +++ b/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:Wk3OGKwcuY72VLL+SBYXZUqxTQ8SlYroF4H81YDGMUZu6gt6ialXNvAsZSmYyFNh+3p+ejvzqMO5mxbvAI9tKAvbdamtfO4Pi3A+sNvJ9XSLE9iLAdfWeoT2qLqGPgkXI1SGDof+FP5yIb36C8Um9P4hE3zaE+UdJBk0qgzlc1Zlq2Pdg0TGU6wwJQkRhZIDun1wabeqGWjLrBqUa9VPfNB1El63q/1rhP5v3m6tI7dXt0SQArTtbPWkkHHYPehObG6Q5s4Cm2QrWGpbK+R6xe5F+nEv4+dOuSkZgOB2HsOjzenjp/slqoZTCJYnKT5IDkFQaj5G8YftySyNE/OguMW6atCgulSygwaeuFsnjMNxxsHssrTndNe22jpTTrh2Odp9BT7oRiZPPR8zj/Z3hpLYca24X4oSlZLD0PFEExQNir6V7eT0gH6Paj7wz2rYeYKB8focatLNAwug7L6lWxnr/pw8IXCrfx4ZHw7VYn4hf/KF4isrPju6XW0u2wuiIVlJfOUXZXONmJULB6biftgZapveIMy1oHaabyuIIxkKGParhSUfj6/8/qPVftVFYotdlAy9oNRpZ8JG8z8Sf34etu9Fi7uzcZySKU9e8cU43o6kAo+r39RHRDuhUmYP0ocN2bdlTAkhPoFccK2A1Qx+W/+EwQr55mb5NCH95AVh2QX0SwWgD79FV7EYGN7iVEc+duV5YH8Qy37f6ebehQy+mZGFqCZ5s7Cqy7ChypB476qDqh82qp4K5Uv2NwoF7TT9REzjU0cbRseFbC77AgEUNvfHpHvLBTsw5Y4963GefSKltNHxKROboBfLkaGFHNOlQ8sHIY+vd5Y=,iv:g9iNn/sH7CtxcT4SeI8/DFG8BPIIoseYTuprGEQPqJ8=,tag:SuV+seYm30JAMN7QbdDl9g==,type:str]", + "data": "ENC[AES256_GCM,data:RTj0FFJudZusWh2SuAPBHhpYEU20GmWbeZZSCG/vKCz83iUEJxpZ0lSDm71BN1Di7sz+VchcbWxkUjc+SV9paFOtuRKMPynW5n/HTyp/ub3y8oPUN4AjxiRnvfzh8Qxd/vnmxd6lSh2HxMlOqJURN0JY3D3g+tpHyTIvFUWef6HgzLNZCXDnP3HJzbIY53VPj9f+DsdxtFwU5OHkWd8gH2D4XuPPetN0Iv2HaR9+dvlVrbKEXgElgdENkU+ED78TFxvabk1hqPZqXhsfORF/5RpwF15ip5iSlVWPTwMdBREqCsHRiA+u5F9nwJ5C70U1wz39J40CJoa9oihIxyAmN3dktD0JuY0jiqyxwTRFZXYh7Ioe4CksaET0P7LbTa7+BpctgoBqvmnhM3ZDNcSZMNcCbtX98V30UqEPBoTn3kRYvg/1C1SycR96bVW/AiHMiIzD93dNw2gUWdyQX9xtHvgdxLo3U20pJhjMEcsk9V98H6lPiLp3lltrjAX35RsG5R629W8/WVOGoUQn9nX/y6m9VFKoUPf8/M7tvlxDT9A/QBQQvShdA4AM0K8mdNzb85ac5In+43gWDRXWQPPf72e5gL5nPIqPcZvAcoLHsYFH5ebr7VUaUbHm890jQDoNvtezZ1w9nRlZNGVTwdvwWB3rfzorzwCAKLhkFv6ATUYimP0tiHPOz0MxTQKXg12rtyPXbh8bwjhg0kdIlwljAYnYUKiX7SVSeYq7TQksQIiH83JwxCGrL4xjMWZhNkrg3KQUrEMHHaMbNCZvb5M2nMceBo6eA2zi5qYA9sLVnLTrlwx+3Wl7uFBv+9Z+8qvGg3adpGrtJTJjVf+cig01gzao5WrJtT9q4YD1tOHnWfBhwI9/3ny2A0WlyjlY/fS8WUiOmyhl/6N+ukdffzDZQOcTGf1QD0zO+9FYPqYhxr8eGKRHAB0R81Q5y+ORTLwXJ7EhRIK2f45FJisRIsiR+VTsI2cqy7n9HtubY8jQPxLMLnxuUqTu/OjtUMCcbJO8iqYDxWf6NlCZuTaLsQuUPWvO5uUelQpDmN6HhxSGKD9XG4M7/zCuCWNhKWoH0Z9xfw==,iv:Bs1fdmD4jbM/9hiPHxu+yENrVrwFsmhJ5J38W5+4PtM=,tag:UBpHq3ldgdVORaRxuswzVQ==,type:str]", "sops": { "age": [ { @@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YjdYNFF5Q1VzQTZ0WU1z\nN2R6cEVObU9RMXdpd2x0Mjh2cmpvY0VvNjE4CmF5Sm1vZWRoOTFIY2pkQUVRQ3FY\nVEd3eGpCbGQ3cUpvTE9JdjJMWnQvckEKLS0tIFRpZDZ1ZGZKaXpObFhZVlNqV0hB\nT20rRGV6S3gvWkZLUzQzVVNGQWNGVkUK0bAeRuI0vb7MJTtpxuD56nwZAk39sHAa\njEhntqsV9ts1Vbw2f0mZEqDdzd64NTtDm/YIwygZ2udV27mXNhVUVw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-08T00:23:59Z", - "mac": "ENC[AES256_GCM,data:Db2w9giZy+TyXp2hpMN1h7ZgBaJ4WiAN2P6IFaoXufOlxT2uwulbzDMYFoUm9jcdFc8zqnYCvttosJIzyjevY5up9gDarzTu+43XFrTxYqPdgRBzzvxSeXmKqDnngAvv/qOWfzt7TG1IzpyytHX/DEPHvPM9dWgut/1K6Eq94Hs=,iv:WoWAAjse1kyn9IGX4kqCl3zvq4kXEMkfTjAi2j5OCFs=,tag:xco/8fudn2kCLnFa8mUIsA==,type:str]", + "lastmodified": "2025-11-10T23:16:52Z", + "mac": "ENC[AES256_GCM,data:CuwVt8/XKRMUHs1rh7Yf4Bk5tWXqTz0HXUiEEjuLhj1TRuMWs6aTC1h9uTMoybP+FmjKeRTar1E8dgUmoheFUGaBFqxd1Kx/FmNeJVLhUOPgmT9XOIjEjTNnzOoaMsYvfhP+AnLKgx+CfOsLnLMOqdKEggx1t5jNfiI2rXqOdfI=,iv:4Mc3WcgMg3z99dERJk+EF4hPpgGZo4mfMt6X45zgp5I=,tag:MP0YDtR1Wq3088WVzXS+8A==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:12:55Z", @@ -17,6 +17,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "version": "3.11.0" } } diff --git a/hosts/nixos/x86_64-linux/hintbooth/default.nix b/hosts/nixos/x86_64-linux/hintbooth/default.nix index b7a9049..dbb6c6b 100644 --- a/hosts/nixos/x86_64-linux/hintbooth/default.nix +++ b/hosts/nixos/x86_64-linux/hintbooth/default.nix @@ -17,6 +17,7 @@ isNixos = true; rootDisk = "/dev/sda"; swapSize = "8G"; + networkKernelModules = [ "igb" ]; }; } // lib.optionalAttrs (!minimal) { @@ -26,4 +27,10 @@ router = false; }; + swarselmodules = { + server = { + nginx = lib.mkForce false; # we get this from the server profile + }; + }; + } diff --git a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc index e9aa129..46aaa21 100644 --- a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc @@ -1,12 +1,18 @@ { - "data": "ENC[AES256_GCM,data:dXhWlutdXYLxq7pAWK77lK1mz1y/lh0nl4mHa/jf4ABaQxkB9or1/ceEGwzUoFZAP+EmCuz35UpGYuT4jdti/BPDFsg3273NjVxfPBdV3Mr75FpEG56tMZKafUwARtwsBGQcIduPUgymOxKxUzy5YJokbdFThAa9Y25OFKDwOtN33NSG5QT8tEtBOFzeUx5K+9Kt1YDFCgl8dOOFtA==,iv:wZ1VY7IcK2dFjgrGZrUg+Oz3id8DZKzVgPMkjBrp1GE=,tag:F0SH8w32ec09P3NaMLcuTA==,type:str]", + "data": "ENC[AES256_GCM,data:RwbQZyqU0OjA/wD3o0HppPWFjfHNAHsGF8DzdJrXZLlE5RPUigHWtMLcX+2bNd0DpS3r7WHCSyiu+mmg6GWFiE6wAOBU1Q19BpQ8k3oTt8sP3N4/5PfzYcXlHRfwxmB9/pv8YCi5+cOU5ExWiQ+kC767UbgPIC2ugUD6tkP14KkhW0EGgEhF3elBfOGrSHGgjltgIFMYm/WKZjM=,iv:EBpghMcCGd/wow68V3zoDfzwywDGwmlqn3btNHrfxbk=,tag:jvSZyRIQ7BmQdKc6YEBIZQ==,type:str]", "sops": { - "lastmodified": "2025-11-09T23:30:30Z", - "mac": "ENC[AES256_GCM,data:odBcMskVn/ag12j/sDxqD7/8q3GD+LPfoRQ4UcwiFAdRWIRyLKdG3HUJzt1yEVQnpvaHHOq3QmGC34FPA+GT6zw6TC9EacibmigX5uT+n6hYdVgXy97T/nD9ITtq6gVy8VjWugKpqMwTDta1HV037DKTf7LDmrTUaFhzFmtzNyA=,iv:CjkjUwCzACzuUI/TceDeopRsT9xiIZxciGq7UeBEVTw=,tag:ySF9Dxha7it2F2g81NZ+EQ==,type:str]", + "age": [ + { + "recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VHAxaWdiV1VlWEY2UktF\ncE96UHJnWGNpY0ZFUmZVSi9xSXpBMmI2S1VFCjB6cWtDTTJrNFhZRC9yUHRYdUpS\naytwOUJ4NTRxTmJmc0R0Wmh5dFVKbzQKLS0tIHQ2NUtqRjh6MVF6VHJFSHVFTFFD\nNWh0MDVjekFDUWZvTUZNK0Z4M0lJbVEKGZk1BvZsNTkIor5rTcpi2UE4W/BqNMWU\nIAe3irNN6p1si2zebrCEyiaJYuaVn7uYVwXcscJlNTfkr9szm8TjSA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-10T01:10:14Z", + "mac": "ENC[AES256_GCM,data:NSUKiOFGZyTb9U6e8cJoOJPAMfnk5iuw7pLK0JJzdwf4pI1aMSqjSDylQ5EqqbdFKZKRmaIjjHSpcJep6q0TRFA6wOznHWyv/UCECGwqZrS3EXgcQF5lZl7NVXPPSsMZgPReEVQcMtMivatPrfksEeCaam4WC/M+dqd2d2RrOXI=,iv:KnBNepDoaQeQ9MSrSN6dkrbS6YqkMYMpmXFd5v+oWoI=,tag:vPhsazyi8d3ugGoW8Z1Asg==,type:str]", "pgp": [ { - "created_at": "2025-11-09T11:20:20Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAgiGGUn4Dhw6aB34J+332lw/CMPnZb3apThxgKjAVLKDz\neEeG+iD3iOJ3m+xg0KhgV5m2nykw0LXcXlErNIxnBmPm91DiQuW2Nzgz2J9FYF+J\nMHZ65JG+9nEt6dUplEKTBS492hiKrfD6a3BR/WFy9qrv0uY8DutAeUbkXVXqY+Sn\nxTTu2DK9Yy6lps2gmaZ1nJwLffaILyZuwYqMKtv1d1tEQFsBbkwh1chj0857nldD\n4t+bDYpMa1eFBQ/vi4YfMrw19Qq0xEWo7nKdT/pj8qAW9c4D7pHf7rm4t0T+H3tN\nfk1dJKuZuITXRrIth1zhq5bLepsIWtk/hG9fNKPbYj+xThhbCWEpH18FVVJsPCtv\nksZ3i70uz6FvyMYxyNANTMIxVa+SI+dhx6bCGQ/I9xFxK2Yju/yL6Gt4av3GhyjK\ncd8B5AlIKzxDvhWBMakjf+R/I63a7AlI9QliZhEFrpNOdcBu78ZvtKKplJ6fG8SZ\nExCFFf/qtqHtM0rvl8wyyVntD2r9WLKwDF7+tlygxbexqCaVs8CPtuiswOEGldc3\nZkG+zYsXSvBmyyfwrVYoIKRjJ1QiYys+EE5OdfI9kZ/I+kByiwr6PRHDnIkuc7jj\n8odeSq/KVMwS3d0u3c6qTPWbnSvAa6KM91dnMaXb0ws/B0eNE22USNk//KVfdKKF\nAgwDC9FRLmchgYQBD/99q4jpY7LnuV12/KxqZvbSHkBlO3HlBDYfmAYUn1gYS83T\ni+eGlWqHlXAwaqDnz5hGKe/yHRBVZjUO8Ic61ujHH28dPC++hMDkfq9sBH9mXeXA\nfovVEQJOiF65K40Lel9FAa9E5yjGSvcocqBrsh4usS6jTrFJmnat4poCnJDG+Ova\n7S2kD2FEwQxRRFlWX8I7nsmdxgATIIVhLgvCImJKAb2GEBmXx/Vpj6UTG5H+dvtP\niYtHxq0QOpeR47wNc5nUTaHTP0Lsj9hB4SS7rTdKHptXEtHCEznM7SEarNCt+MQY\nQd5O/x3cItJKADxV2JO2XPL96hqlX/e6+CWcsW89nAbuIID651b7ZWBw19F+62dt\nxlVrehcsYWLz+GuGBYysx+/0EVuZ422AEi/v9ft5YdigXrxq0ddJKRtFvcQFMh0G\n2w12fADrzX2ExzTWWc7FIwBmCr5XcwLVtmwU2bOD8mX36B7UPybBDsZ5J7/fr3TP\nYIz5ApQI5ewNsBhVoyJxSJQ6IoEBC5udrGNBMKOgZEYW+1MTWPojDU9eIg0Mew1D\n7PkXYEDrHBUccbaePLViUPcEeGkE7gB/FAWsIIfjRFzR8GDJpf/RnEK7G4mvPrIw\nlH8ARzgA93gtGOyx0DVOg+zIeplbARgZoIhyX3QCpsOTPz/CmBZIwMikRZfag9Je\nAfBikUXA2MBcIDAocQAKFILnFLyY7qgNKhvqhiCc+j04GmP7mjtAiZXP7lyUauRM\nt2PUcec90jfk0wsT1DXfeJKuWVa1hkv4/2Ejz5/PXa6ZQbrmBtZG9ZIDk2VveQ==\n=k0BA\n-----END PGP MESSAGE-----", + "created_at": "2025-11-11T17:51:27Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cwoYXkjChyIyDP0dmqquRMAv7AsLz2IVVKcdGzqKWR/z\nx7owbhfGFaNCU/x8TWs3mUFBNnLIUQmuSWUuI30VMmFVjXQ9sybCZUCk5oFLD53+\nVPPb/KsAO06it8T0NxAlsXqe7n9fz1P16mFpMx8N1yb5s+GYG/C3UGATwJTJQn8+\nwob0NHfN/6qsZP5PzMgKlUiqc3YF+eB71KTHNDmT3l5sGsoNi0erZwNZc4VA0zn8\nPsFYodW9Mya1XUanJvrYKo9eRfrlpaUKGzn6GVlMJsZU0gNpKZepMubbev3+B1GR\nn6V+ViYWd8U9UTatuHy+aRcwEZfpXq7uKTTTdihECjNkHYSfXmUF9mjq6u5U0Lck\nykhElFADx+YEBJuavQabvYGu8fJx9DfJseNVwIv0M6hqLdg2CNMUQ1l1Q9weizeZ\nxLjme1LTlCUinJGN07CE0J9qP8syWRJYD9seP9Qc/b1IY2D8dGdgOTzO8Fx8vI+M\nOV+Q3T0Chn/f0lw2Xzu40MphB3eamt5cq0JeLQuwQHjUml0rGpi7bIj8PxeAgMkX\nXFzSokYTHGRJz2UblLnITfMaVYcu9HYHXxXIsZliaRBs2AlscyCCSQFjnEAEywlo\n9kvh49sjWztb0yGqHRAxdmJ+Sm5fCqP0huaTMXkC3zy4h0oeJte36Us0VxKk1HqF\nAgwDC9FRLmchgYQBD/oCYXtBTr276kjOMWs3WqDYMLUDbWM8d6b86HYgYvtwQy0z\nXgASNtWQsMMyIEiReSqv2H9jtTTqbUK93ALW2X7GmEvUIvmW64g1AfHKhmPw//Li\nKMxtK6sFVS/WSEYoaZarkZDwOpNx3+BnriQEHiMi21vWxCqluZFSDdls0ca2oXvF\nK9GpBUD8v5+l2EWhq5+4nxHKrDx0g+mjtZPJPRsJ1u0tisdkhRXauOvRHEymZ3mX\nRTee3FNR1t6YpXY811lX9yemXkdsSB4pzKWNQgk6U7WDkGcVaGNw0R8pS7F3YnRE\nFSJhKnhb9Bd6CX/zEV+IwEgY1yPfiEMX0bvIrcEJYgUg618YQbQPushxVk10+c66\nZJ+99g06tdyt+u8E9GpoujnoRjRWsEqElkZntd66fPuDm99qx+RHlF/1Likp/nPL\n4oIknDJu8wwoIBCtoQcWyaiNCa0Fo/HR6txyOt6tTqpwhnDGJP9UfYlKWt07CFar\nQLgZfJbHhetjXoRHMAs+WargN8KV7QGMGbQdPE+VwlZI4bKRSipH+rdDn+v50FQG\ndvFd7WRnWmTaG2W3cOLFH4pWc2MPnnxj0IHDI3U9olcCyuWAF12yC1HYuFuWeG+K\nokxmS1T1E0jIP9u8NTJBmLdjC+6U5y1ZvSZlIWB12OzBEpP7jl8uOVbD/AR4GtJe\nAf4EdsxTBocS50aRxxAOq5t3kaoTu36n1dbGDfb8k10bsBiQb6zJ+xtNQgWxNEeO\nb6YGIyglD06Wmm6C5LOyQ46KIzuFXB8irMJexApopLwIZ+jCnn0Nb1mO6DXHUw==\n=kTmR\n-----END PGP MESSAGE-----", "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" } ], diff --git a/hosts/nixos/x86_64-linux/hotel/default.nix b/hosts/nixos/x86_64-linux/hotel/default.nix index b499f10..7d32053 100644 --- a/hosts/nixos/x86_64-linux/hotel/default.nix +++ b/hosts/nixos/x86_64-linux/hotel/default.nix @@ -29,6 +29,13 @@ in firewall.enable = true; }; + swarselmodules = { + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; + }; + swarselsystems = { info = "~SwarselSystems~ demo host"; wallpaper = self + /files/wallpaper/lenovowp.png; diff --git a/hosts/nixos/x86_64-linux/summers/default.nix b/hosts/nixos/x86_64-linux/summers/default.nix index 3b6051b..ebc92ff 100644 --- a/hosts/nixos/x86_64-linux/summers/default.nix +++ b/hosts/nixos/x86_64-linux/summers/default.nix @@ -1,4 +1,4 @@ -{ inputs, lib, config, configName, minimal, nodes, globals, ... }: +{ inputs, lib, config, minimal, nodes, globals, ... }: { imports = [ @@ -11,13 +11,6 @@ loader.efi.canTouchEfiVariables = true; }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = configName; - firewall.enable = true; - enableIPv6 = true; - }; - swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; flakePath = "/root/.dotfiles"; @@ -41,6 +34,7 @@ microvmHost = true; }; server = { + diskEncryption = lib.mkForce false; # TODO: disable nfs = false; nginx = false; kavita = false; diff --git a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc index 6f72187..c7afa8c 100644 --- a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:PFtZdHoWzYmrHio52kBZ7LDthUI+qAPBfCqkY/ubTIwVJoaZixXbuzJdJuA84YH5YBZ/umTYG/9Ocs4hNbCYoPcG6VdreIcqwVxD6PgCEtqtTK0qxOfBqdIXQ1Gl2EzyMuxQm3pFFEx1zzueJ3KvdZEZRtzvytLlw/pKkETLECAxqAoZ5fSVApzIczGI053046v7ItdulGLOZGc=,iv:0EhqmcDH8yFC78H2tuhGbu49ZzVaMtdvf/7XuNU9hyo=,tag:/8rHZKR6CLH7HNAaK5EDOg==,type:str]", + "data": "ENC[AES256_GCM,data:umKGtD7jTa+ex3ADPs1zR2o9YU2j3y3zCEupCGOsdJyicM7u0efXDI0g755RdPeNJiB/z1DPy+mAkePPq/m93CCppTq0BYyt0JJw53/j3ghCMJj7N3wUVstMUB01jewDSUc7SLay0lkhMCWbrTKsR1pwnfFRAG8C3rWXQB2EkU9FViCo8VaOfEF6Cq9ev/r+SEepT85wvoMxxIg=,iv:bgJXEoj7nRUsi4fA+bYVYvJYavS+BoDuQt2SCrX/2W8=,tag:lmOjPU0J0Qf/vcnO0owTZg==,type:str]", "sops": { "age": [ { @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-09T23:30:06Z", - "mac": "ENC[AES256_GCM,data:/af6vMgOLZ6bqLdwhmCg9lX+S1afi3HoKeVhrEgxtjrob3IIHMoD2YqP+PhXazGTyArBPEHxojZ9ew8SqedosID61nE8H45gMV6jz8g4hF9sm7c5CRavEk7Lgy4kO4Xw6LyUEO379RUa3OOrhKrOI2+zWf+NkCQf8Hy79Cc56Ds=,iv:BDuCygDtMYdYfd8p3xZSNN4ZaFiN9WbNRD+3LSluwlY=,tag:+S01XGwLZcCa9c8IDDjjGg==,type:str]", + "lastmodified": "2025-11-10T01:10:33Z", + "mac": "ENC[AES256_GCM,data:4vPX9TdAGGBwzEc3W6pQj+BVKjp2kSAMB/L3QVXZbDHfvyKFWUOqwG8u8P7XDcuIrrpx65YuJp6zwexpJjg5zkU4favJt+uHD1wWC3TZcCpda6v3hGW3RduQAwVy+18JJ+PdSxHzrC4jmj+t/HIKp6Bt7qB0Z1ynrt/CdGIVxh0=,iv:zQQrl19jK823UynE3EXLgazehpWW5ltRCWKdnElVh5k=,tag:zIIgbyXSw6f6xW2CaVW88g==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/hosts/nixos/x86_64-linux/toto/default.nix b/hosts/nixos/x86_64-linux/toto/default.nix index 635a1e8..3d02f5b 100644 --- a/hosts/nixos/x86_64-linux/toto/default.nix +++ b/hosts/nixos/x86_64-linux/toto/default.nix @@ -16,7 +16,10 @@ }; swarselmodules = { - server.network = lib.mkForce false; + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; }; swarselsystems = { diff --git a/hosts/nixos/x86_64-linux/winters/default.nix b/hosts/nixos/x86_64-linux/winters/default.nix index c50b4a7..b991df4 100644 --- a/hosts/nixos/x86_64-linux/winters/default.nix +++ b/hosts/nixos/x86_64-linux/winters/default.nix @@ -1,4 +1,4 @@ -{ lib, config, minimal, ... }: +{ lib, minimal, ... }: { imports = [ @@ -16,20 +16,12 @@ # mac = config.repo.secrets.local.home-mac; # }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = "winters"; - firewall.enable = true; - enableIPv6 = false; - firewall.allowedTCPPorts = [ 80 443 ]; - }; - swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = true; - isCrypted = true; + isSecureBoot = false; + isCrypted = false; isBtrfs = false; isLinux = true; isNixos = true; @@ -50,6 +42,7 @@ }; swarselmodules.server = { + diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; diff --git a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc index cdcc63e..0c94b81 100644 --- a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:4SiiMDgtS3KPoG/fuYnfzaxVycaQsSycTODMQQS9a4ICcZFY21LdKCRQs8N908ndBrdjMIHMhG6LDI1RVRs6m5EBZLYho3dzvf3YlpztnypaGrAkXfTnCuvP15vvAOgHnJYF3PQ41XcKoQ9yKRJGv3E/1lt2bkGkZsH43aDizz/BfRXpKKOezLkzumi6IYiwrVrdPHf0yQj7qeMBfPi9WBicf+/daonOOssa1JMqZ8B+Uy8tG0qi6JlL2eQa18njDfV7rcmGyQGUYBkVoc2E+YYrAUbB7KDYSwe3Gqzo75Ls6IjH8O0KemYnqPbOIPrlrAsGPen+ZAT6tdCQ9QCNwXlGLERRidVcSWjjk32VthlLzXGrhXoChidwui7ff8SwUXIf9OyV1E4wREdPJPBkOBVKOhaCEZfEavREHRTlftmE0KHi6k4CXKi2HPvOvOt4HvHALSFJCKkmrn+8THv01niHS0X3iQfIJCzPpXFCkKVYB+2t/NOPeB6qJsI3+eLpd7jhU9p4q6Ny/OmSpYRFgqqF4TXg+npYQm7L1bqSkpRqbzfQmS9MdEl/h79K2x2GYBmTOAR6fs7c7kUFiXoxrP56Sh3sLyTuhzD3VGJ6HxHFlaIXAi3tZ9VObSCa3zpLWv7j6e3vNp01Z0O0UfJ5ZNNHOe+IIyUtEAA9ywLxU+uRuCsBe7PZeT95WpfDkiQVY3LPXxFr92dE4w6Ex6CZyneUF3wOwDqxVi+J2FXAJkYXDi6uE3kyBhn77FsaEVx5H/GxxsT8cFXEa6EjhQ0/eQTw7DYZ11urgN7iNDKrhh4oPnkI9HRrIaqbtaW3H8Rzx01/JkkfOdhiXHxYILm4W6YnLt0kTPI+nNgUEX2/H5h12xXPCF4isK6oHe+DExbP+5Ccz0AOEueNMn0LxH/zhG/f6k7sdOs05PIC0p56v1yRrhYtaVemFdfSWI4dgaXpygR5h2YtrGDHKq8vlsafIa8olrjbgMMpeXjrnpDSC8MgQ55wLHAEIVWPdKmr74704gGKz7PL6L0DAqh8YMTIHaOdf5h520qqiFm0bJWttrPhi0LvHlZUsumgGJ+MqQdRpxbnjo3q8rY0pwyVNxCHieKdchjdCeH9+xhoMpVvjwudrbsycyeF2Bm/TY5emoSTKWq8ucnkpTqXUpuRpi6kaqQRZIMoSR4BjsfGDcNrT+SWqjVnkOOx5EL7B0cJUt9QGaWeSsTj3JK7InnhfyKr44f4e0T2RHjwarZoW9OnPFJnwnsvUarQ5U8LRdRfY0H74XoMdfpZhlTgV1sS37MdKjgakQzVRY5ANA3H4VmaTeJxjPelSnve/Vtkp3SPIuhacfBkMCkoDGPqjR8nmJ1vZdqM9RlLyZcNnZxqsQHT0/wqHSAImfZiLiTHIpkBucYOvt1/OuFrnUTz8XtHFZU6f3tMTM5pCZS5/X2nA+LXiW7+uoIcYpowPb5iVfkFc0T/rSWbqqZoR+kAWFllGK+k9h8brlGyKdwBWF45xWmpl4CSwvngzKKW14f3Ljlf7NyrcUXOxHfrL3wzIoYMFcqNWLh6D4qPt3cqJDihYzF4GYu73VJhUK6sn2GqZ/XCttfBd5MfrvSqLv4iHmrYC3oXl0JS+J7LuZudWIJSEDGhv1ZUdUKahKWsfMvmmVnk28AczdE/rBiAJ+9POeRmGYJ743PSua0k+tBIUbdQ+xkuruenII4pK37yd5H0Ic4ATtcVg0Bg4se5JBXmEoHodO5t2Vg8gUXVI+Xc,iv:C/7cgdkpNmOIeb8cdYI0rbyxebJLgpqIU8ezO+zRqCA=,tag:NywhkBzKpQrJ3H7ZKxvYgQ==,type:str]", + "data": "ENC[AES256_GCM,data:dwoz+/DxlUbk05hmg/EwtmUkuD759sQ4iVbjHqcPpY9y2l/gzuPSJT2CMI2GbZs5SKhtlqoqZ5jHG3LwcQjgulmYHB2ThJR4ALi7usJm08q0UfMirnm6mPxjnhdhJXdO6YQ4LaRyP81txSphrl28eJwp2efz3rkUp8nAA3keL6MLZsBkdOXujOJhpreTr1mprWTA6U8aRWFBW7Y1vWvxAH3dtQ03XhYXM88pY6k+HKMvcXSsiDhvwnxG/+UYvSIHcanmboCJDYbgXZECnIGsar7ZOmbsZ3GM6X37qPJpxNmUjc4OoRaJJCcn6saH8kOJkx2rxMyzgMryuGdBq4R/m2JsvDoCPDh+gKO+luCI+hH/iduxnDgYjZAQ2gv3Q14MGNe9nvPWVfiRXXzqRf/8vDXjpnD2FFKmMSqiCvPJHRL52uwO3R2zYUrUfQgDN0Jk6nII8B64l+l69Q8Mod1J5nEMwoUOihhOsjaz6TMIUo6b0GKvxZG04Noyd7S+KuxZe1BsrxSnn7REt6qyQKqAHnMYVXpBmOxOpzhAhOrBIOz6LuqHPzmooQukuBDH/Ej2rC5hLBAFW7mvHIcTqo9sJFbnT3lYYtwLSlHBE3R26vud9pG8K2SuVdy2MWJMpLscR48V9r3nAbWsXKXLZALW38z33/UMfzTJ4g4L7Eo/4E5RXlihyL5/p8ISsoQdf6Uj718pVPTToBRBbIEMOSoJ4ntPoVxQbcpdrGO9zrqqPeZWQSE1JM8anGeZVqeMEVmZJxIbfquX8eMKJrkTroa/9HysuIi0O311F/kntoCtDOYCd3mYPcT8UnZHW3wuG7lqYRd15i/eaMhj3z1eTWoZ40R8w+2TaQB+TjyoLoGGzHvyktI5UkYiaMwa2FoFz40tz5YdZ8aODLQhwJc1mv3Fm0VLudXm7NUcfc4tr35EKbDg1wKtUS13VMSHjbi8ANbTB3nBvpBsPKtD12BTqaP4Q0HJipdnDbcwas/MoG27rFO5+q8+cb82IgjSpCeekrIgUY1wsnOyR3j3ByITp8jfmCRMF1vjKifKr0pgREF1dW59VQ33TvUyjfveQV0ixeV+vM9QueQsUVFzeqYTagsPSM/Czx/UNo8hyG1ze0p+acoOb257Q/Um8nkj3iNPAzx3WN6IdjJkpN1Ldp1SvU5qd3o3DDcSw2ztz8usBkH91BrBaV9MYGH/FSM/HL2CfTZoZodP1VqKFi1Hl3pHHyPEagvoJp1ayUZqmymKu4x1wFxC5FMUXjWUwWZZx1PIOwOtf8pLqVd6FySJlwG/MA4Bfxcnc+eSZ1EYcuHU3ziGbtGiB0eqWXA0fhUwIHHUFnV7H8NoRaJnbDS+kviFdTQKvoF3OmymEwhaq/Oak0ZQk8NLHC7KTQ6xVCb7bBtLpkBdXFE3YB5ltXvEYvSL02qX9i6oBf8GRi4Tl+k6zca6QVJzHG4hU8Nh3cxXBmF2IIY4JiKy0YlsVXCg7OHEWMEl4qT09dAsrDcKQC205YRF7XO8AXimENFQM2Nr/moadk2SF3D2DuJEE2HnSBk4H2tVlMNns32MpTFBZwbf3JOIHJV9CFyVSjhjuNjVjMK4vVdpnEzhmnaKjDqMnuRGNZmrl6p8gKM26KlWcYpIclQkPxy1pY1iFINxGH4YEGdAztpx1YhBkQNkQT492InrPA/PE5XFStP4WsKsLW72lhSVgH8D27S76yGihXyaVXXfd0VF5Fx/gUnbd7fph4Vi1VtFonhfK+ctHg==,iv:aQoC+pr7OoTyTT0FE4MbENfzfJ0Beq1Lsz9G1jnFQPs=,tag:JuYmfDP2foCVDH8CwfL4fQ==,type:str]", "sops": { "age": [ { @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-09T23:29:33Z", - "mac": "ENC[AES256_GCM,data:UU9a1Yg8Inmcht6gc2pTi3GpV945YAMdVN08Q2/yjg5850N3VhVcD0dsu/bn+4fOSvOiDtWzkoqq1PquRWJbfDjZJxl0aivU7UHN3st64nxIc/mKKZp7VwavMDTVDQScRlpaPZoC0zZ5CDQtBQisfY2AiDtfUVBKZLfuvI3Kjsc=,iv:RPcSwZHVlTo8laro1bCAaJT8KXXCtLHJk1iH4zaZbgk=,tag:qOhN4DNr+d1/34R6L78PLg==,type:str]", + "lastmodified": "2025-11-10T01:10:47Z", + "mac": "ENC[AES256_GCM,data:2gKEGIYctY7g7mL7lay1T7XmxGdsRzz/dIC1p98zDTnIoBrq5mf5CV/FjAGi5jDsmEMoCSUTWFaT/0Wq3nmRC+OyjL3/Hsit+HJDBVbyf/mY+zs2UQd3KVYoxmpDeAJ1E9s8ygxEu5lJGzacWbJ9BggKUUnywXYfNg0fS7ntjUw=,iv:5xedOuJ3VFm4pEjXyVBM9Iwe5pK1dYP4nTRkk7exrvo=,tag:sEVygcLMqkI9CWQDjoaEqQ==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/install/installer-config.nix b/install/installer-config.nix index 942440e..435fd70 100644 --- a/install/installer-config.nix +++ b/install/installer-config.nix @@ -95,7 +95,7 @@ in environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} + These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -133,7 +133,7 @@ in programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index b941eb1..7813983 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -23,6 +23,7 @@ in hg = "history | grep"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; magit = "emacsclient -nc -e \"(magit-status)\""; diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 50e8b9f..c2d5af0 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -9,6 +9,8 @@ let serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -29,7 +31,7 @@ in trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs.nextcloud31; + package = pkgs."nextcloud${nextcloudVersion}"; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -37,7 +39,7 @@ in configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 00ee47e..37354db 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -16,6 +16,7 @@ in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 928e012..31bb1af 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -4,6 +4,7 @@ config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; + lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml index 3f54024..6f70d30 100644 --- a/secrets/certs/secrets.yaml +++ b/secrets/certs/secrets.yaml @@ -7,89 +7,98 @@ sops: - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieGlsd0NScm5WYldITTJ2 - cG9mcnBKSGo2eXlFaURNa2FxNkZ1MGNVTjJZCldROGZiWGp0dXlMc3cwbFh0cG5H - RDNPNUtWNFBlTG1lOUo5QVJMdncxYUEKLS0tIDNJKzc1WExlTW5ycTQyVFlXQVAz - cTRDK1h5Z3NjK0h1QnhNSm51YjA4VUkKUlshWYOQLs1z8AOsFvjfl+RJBvmJWU39 - oVVvBEkCF6pw/yZp7Zp6ejLpVQojqT0JvLzSMA0tJBt9QvNmdTT1xQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOE9rY2tmekF4blBrUEpH + TmM2a2ozUGNvaFpDWjYrelhEdGc1RUp3Q0RjCmloQldpdDdXUlV4eEt6YjF1V3lm + NUxTckR3STNNRmF1dHRqTmhNOWt5cmMKLS0tIDJjVFJZUlNXQzhjVWNLQVpjOTgw + anhEbXNFblZpZ3hIVXNxcmhBcDRpK2MKb/Fh7QtHGBFttpzt1qSVE+1H6W2FYKXI + Uuly3uYxfvQXV/rtgXNP5nqtFe9rMAQYuLMgJ8SbUr7cczt57CX4VA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTFVPMElxenJwQVBwYUlr + WGZOUUx2NU84WnY2VWRBQllLR3Zub3d1ZEJFCkhubngxM2phTjdtVTR2ZFB3REc3 + NDNJNHE2OVpFaWdFVVYwOWJRajRrSDQKLS0tIHBJL2ZoTURaSGhFWDdKQ2oxcnUv + S1J2VmRIYTNSd3lkUTRBWXhkR2o3aVkKknm9GBqyoPCZZbN+A0PkOVnBWAq18rqX + SnvvX4GYiSor9H+DtPHoRkg7P2eDi8c9ISkpnXReYcRjpw1mSqFE0Q== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcEh3MGxWRGJPeEQvNGlh - bEc5T3ZRYkhkdkZFQy9zRHBNeksrRG56T1R3CjUxMUxhbDduRWo0N3FwaUYrUFpu - S0t6bGdXYTZGMmcyeElXcDJ1Z3QzVGMKLS0tIGRUWG9GYi9vT3dzSFh1aFRKNWhH - M2pGTzR6T29tcVltS21RMkNCcFpPc0kKkXGoVCNU72f8efjJvtz7cbUpPcfVG3Dl - puffE6poAyeevdSW5cAFGNgJMMWzyweUf5QvX0lu9i0CpuLFFTdacQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV05lSmRvb1JRTW1jK1dR + VFFEdGEzbTRuQk10YVhoeVhVL1cwQ2ZYVFZVCjhNTHB3N0s0N3NBMkRMZWNsRzVE + WVVZdkxBU0N2dnArY3BlYXRyUnI4QjgKLS0tIHFYai9BV0R0VTBKT0tjcDIrSUU1 + dFlxNXJRMmdNclVMeHNNYWcxRHF4b3cK2Ql2NFSci/LJhIw3lNc+2EB7XzrLsJj/ + gVHiXmF42v/vI59ZLuBZfY9tD53WfO4RFe89uh8gGh0JHly3DTS7nA== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZzFNdmJpTDVFTlJPN3ZV - cWNNaGE1bzNmbjQ0TUh3bVJXZm85R1hDOEh3Cm1GQmxsTWJxWWl5eDUvUk9DTkRP - L3pNVEovc2FLSFgxZHQ5L051VlptSlUKLS0tIHVUSUZsMm9SRE1INDExR3djMmR5 - dlJMc1ladVduUExXZVdHNlY4TU9UOHcKh9lzumXbRm2lkNPw39EQ990cNznX6Hj2 - s2dMmqHIbanQ0VCGW2Bwi542sII7qT4YW87EX+0LpUN+6bHKCR/YhQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU21WTEh1cVhkSXhTNURU + RWl0L3hFeVp1c3VJNDg5QnlHdHpLTFEzUUFFCkVkSVNLclhDZjB4amRSR25LSjhQ + TG1vN3NoWFE1ZE4rSnNneUliVFV2K3cKLS0tIEx1Q0E5bG9TVk8vWS80cklZUmhU + MHJqSis0TWJOcTk5MXBxWW5hanMyMXcKC6o2kKTVGho9t0QZGpG1ivd33iNmNu7F + UTykT8tGY+rZJTGKBXRGbFXL9prXnnAhpeRywfiKq2d1MFhJwR2ing== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cHpkZFBES3B0bGNUYjU3 - Yi9kTVNNNDNSTG4xK3NMMmxFSTd3VEJtdEVJCnFYengyY291ZFNyNE1hQ3ZVSDA1 - SXVkNDdVUjRDNHorZGlOQWM3V1QzcUkKLS0tIDZmekswRXB3OWRDVi9icUw1ZVFs - NytRZVZXTzhhRmZqeGxRZ1lQdVBYMzgKs8tR6IlB84pbS9/T4fixD43hDIrHeDIY - Bk0d64w2bkUJk7xKjxY+SNk9RHqLYmaHSudLVSlbSZ96exNBt/L9jA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbVN0MDgzcVdPNUYyTEFu + cWNVVEduQ2NsTmxBelhKU2ZaK2g0TjN1U1VRClNmbXRxWjZmQW1jSkhtZ3loNFlj + VHlreVA5K3kvV3Q3SWFEb3JoWkRjSFUKLS0tIFlaYmlTaTdFWE5HMjBzOHFkVEFQ + UFlML3RpOEo4RTZEREplMFVTdm9QYzQK73riJYtOcy4Edzcf/BehAEhYPNNmMu/P + wbnfg79Dz2vslu81s44uc08rQdYDyp2ByS64ov4AwjYnQ4t3Hs7SgQ== -----END AGE ENCRYPTED FILE----- - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUFqYVFHcnM0ZllNYUR5 - a09mZVA0OWhNSnI0aUw5WFZlaHUzN2lRR0NvCkhaaUVSWUxuQU9qRHpSdTROSVJi - SS9YQTdtdzdWNnhRd2FSdFpVTHVvWlEKLS0tIGVkN3Q1UE9NSXZGWHRGRGwzZGRh - Ni8rbWRWSkdtc1BwdGlaVGlNZExBWWcKbHXUCrg7c1Ekq2bQs/m22TwBijcG+3WP - vNp6a5V0wDgoDP49W4AodMarygePJzW/NgndlUXqIWuIbm6VFUEHRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTVgzZHFISlFwMndON1Zy + VmRxWmUxdVhIU1dBb1FCNDFpeERQblBmNkNVCjBKalRSblFGREprZCtLaUV3bkJq + L09OZzJjSzdkV0J3c3cxRmNqYXluNTgKLS0tIENvQzk4UGlIeVJZa2FBS3YxQ0o4 + aE5wcVpqRVFaUDZEbUR2ckZZUlpFbFkKF3QH10Qb+UNpRbM3JzVRCjJfz4J10aB5 + a67zfK+4Nf1lqWMcTC72zOJo1b4OitkwOZPSHUwd37URLxA+b3F0+Q== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdlF3bzF4d004VS9NcHNH - ZnBEa2xHd3ZUYW5NUlVGd2JxRGJPcW9lT2tRCnVSUWx4Z1g2U2pyNjhaWnVxdDEx - SGtSNTdrMmtHeUtuL1lWQi9FUTZyZW8KLS0tIE1tNTdoOFdQV1p4MGNUYWtRQ0N5 - bFNpdm00MXJIMCtxelVIMXVtNG5XWlUKtkL3P6x2rafYSTCW5zv/54tgU20FYwhi - RFc5sZRkgXhoXw+zrKkhDc28Xn+Aby2pUth9ihs1ngVB8OUqAZbrXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbGFOOWpyOXY3dlpKeDgy + cGVpY1dkamd2RU5qWm1MVzBEUXlqV1EwRlZ3CmFyUXJ6Y1lSNlFNNSswRUc5dTVx + T2xQQlhzbVAxS2c3RUpxVHVYelBEYUkKLS0tIHU1SUpoZi85WG1uMitUVmFkdG91 + bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0 + OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-07-05T11:01:02Z" mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str] pgp: - - created_at: "2025-07-10T23:51:25Z" + - created_at: "2025-11-11T17:51:25Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ//R2fMRdWshY0+/feMDAF7t/Z0YwwAT63gzfqKG8aKC3cf - skGJtXBZ4CFW/tK0J62nS0qUIYrkWokACJk72luYg61u1KX1wUaEEqnRcEzZsxQC - Ib6hYXyKl87WYv99QUDaItBBBoSd9BhiDCnWv5nrstZSDy+RwlIYPhQy9KgeDt0H - 6pRnPEL3VU41AYt6YKl4yLBOjweftLwZkDgKyaJalwbLmFHWOvmvESL0kBj83hyX - Lw/XZlh9KUi+xEeYmHUCjO9xDgvJsMGTUY7m52U0W0faarzy59yYWnENROwm9jCK - XoYDu903CtxqSybKJ2AtGHWx2cuOmTjsHPEefqmK7M3XsVpsHgvx1Jo1eQYO1mPI - ZiryTsN1YMYXUkgGfFePmqA9X2iC/meboCWPcRt8lUIfmWx7uMGsv+mGXT37lWyu - wYl9Y2x0qwfAOyg3wNdojE5t4rlr/XaQ+k8Ep1ud37pgXFryQtnNhwgtYuPVWiFK - jnnUDCZrbsWbMmL88ZGYPNIcrBGAgmfYWzkWrU6fICYWIzJdgiWg91ANRHX9vnwG - 5YjZHoHnBRMQg32MInjBJrm/4r38DFQBm67bI1Ol6RMDp/wD5hLrbC6gnq0hGRJt - GzsRPphwrecifIBtck5/vs/f134Y+6BIADJHNEHTA/LnJC8K1VYRW5aBiFvyUWqF - AgwDC9FRLmchgYQBEADKxwFZHBejt2dr2w83XZcLCV/0Mf64DOk7I16VKZ5gBNXA - 4N4W8Q/of2/EH1a8eZ5A8DZPkVZMavdXkQnww8+if6yx0e4moBusUAzeKP0XtY7T - ABUueS7B9Ou3yhdVynpOfmU+EBwQXEuYhVsOlWUJGpfESoOBRyQv12P7ToOS4pz+ - panGeOMo5tzU/8vfkbRIF+9WWKPy/JfsufXGNQkdErgnTAdRCUegPO8kVpwZ5hE/ - 7IGtddUUnwC+kIlkv4N4eM9QabjWmU70L+THveJ4q7JJCmsimYPocbikVhPK7pb0 - mqU9hUMxJbBq6sPjLIq4QaSkSSipbiUUdZjoWuKuIbMjm6M7oWR2uGfQO3d5R+VZ - 3N3xkWPVnzoChq3zB35gkF6RniMhFMCjhYOPidYQ8QH68zN7pe3YzE0HkXgirjs1 - Zux8KlR/Vmh7wQjzWEfv3yK7Rjj8ePt4cdAfozFf7YMUPQWSr+BJ+1CVfI3X5Gb0 - RrWwJm59MicK7mONCDB59LMKUYciQc9JGlpl6oSkbdsy49OToPtuShsoBN/nmgVE - yU8BWhJt02KFLKvs+v+HXuxXgrUfl1zNAtzH0PrB40nuyoCFuvomUExCJiTTEMgs - YBwXdecgwcRta0/Q368DZqJzxiiYIy5xlZxFFMkA62JfJLUFy9/Suy+mReWBLdJc - Acr8AJq92TiCmHED4Rc78SaFDYjJYfvc6JLJDHxU0r2ucoMwKAR15gDDOaARt3B5 - Af7fxGWQ40sY56YgjgpBRaoXYDySuQ9Ylegd33hUzEOfOqKHFNAE+aH54QM= - =Enyz + hQIMAwDh3VI7VctTAQ/+KEHJIsZn5VF+vGkqGoMmoqYcRQ+TVXeOIAA6ZM4G/VN1 + 3AEcFmq3JQo/Bjvq0pl1IQbvCzT6bNprl3ADmXeqt9x8MOoc28Qx2AJcOmfT+Gzu + AL2Y0zuJ54qXqgBfF+b/014Ek0fxMSPbUI8EuIPPMWuG+upQqhlcvxTr5usvO3qn + dfxt0R7ISwjA9pDYs3fBI+65M4eq0yrSyfsoKQLKsLRXSn3rO56vSS3jTHc3FwWD + 0cOOrWNMdbSnAFeMsioG1sfH4LlzDG3MM96Ne49f9dv0Z9JmLFV18i85mzN75i0p + 4cmcMC6XrHasdLXcvfob42n1PMRArOpLppf0kk3UVvNcx3xVKmCp6S39LIR++763 + wawC22oo6rz3aFRqVqGMudWub2DamsQrnb0IQjnRP249JLROw/cd/h1LaG02ZSP5 + zSz/TmZ1FjgO6aT8oMUQyiDCEq8BfFO6i6SQLkXxw9pfy5kqX5OGh02xLceAzTYH + HCTZm/DRYZw7XimA0CTw51Jd5qy0t7vddcN1bjSy3uZH4CyFn0AsDLvHo6t7xTSr + hZKR8ICbUUDOIi5hLskqFvtSUYIBJoH8NwcMyPukK+ZrrLOwSMWa3qB7r3NodXd0 + NsxxFT9GiQAtD46SgATLhgHCmP5L8DlVvWv3zyYpim7VxoLW8T5s6yOkURAHWlOF + AgwDC9FRLmchgYQBD/9NR8LjoQkd95Qrff2NN7wU5a2QD/dSkQgLAkjWnJ+S14TU + zHdZPp/lorQw5pXanndDRMElZdFrfL7CKI4e4Dd3oPdOpRW9+8/7iyDrW1Pcsgz6 + H2qAEMjLESdWswxbS8uEdX6UzYUBv3+BamedgbBj95qPtPnTaQvGCUL+kpBb7YTm + +Fo1tlC5fZ6jr/V3qacNeG8nFDLm1GvhWOtqNW16Dt4z3RaYBtYF7ElMXRMq11iT + iFMT512SN7/e8dd1jDcFg6Cw4NkU7o+6bA+gs/P7ksAJxyUqAn9elhKYSrNeSDnD + Vtb92/kFO5dc3CrD1F24FyD1Xe6sgqETFL6OilvEGQ/wYJ/AXu84q0ch23f0Tksm + kk6ZpQLd7QKgow5pLwnAbpFBS1P5cemPY6gvmUAtgYJrGLIxxtk44SVhlQeSX3lq + eEJT4lZTu8gzQLTnDiZWJpVTnppZhMqXV2LsWAFU2XRHpuCnAuT0HmNFbaqzzC3r + tWa5lZRjgzs5e+zxsRhz+OfwwtJMWZw9OAmIQiRWeitZpk0XMYGraQce2ohPQlSQ + RFarR7EDDevuvRnLmbhhK73of6v8Wb0J/40gZZIWVLRT1LcNBz9ueBsHwPTvvCe5 + FFELdJcxYfIGaCINU6uwvNulS/47f1rpyCtoegNtSvzGtmc+/r2RR8emd8lMS9Jc + AYmI7h6C5XznEGGVtIoAkW44WhIm+Y08tbJoMevp6aRADTnEC6CY1cH3H1ZQbdp0 + YeN6qE3d91gmxW25hsStr8Mcy0JPIflt3kxcWeASpgJnbkOgxtgxhMqYAqc= + =R1dw -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index f11e9d5..52b8c15 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml @@ -34,98 +34,107 @@ sops: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhU2M0UFVMOXFONzN5WVU5 - TExjNEkxbnhEOWJPemtqcW92WDVJTXlNRDNBCnVoMTFreXBZVjdFMWpxUzZhaU5j - d0xZYUQxdUx4ZFZteHlsM2pJZXZQQ28KLS0tIEJjdjlHdklmalRUUGhLSEFDTmkx - cjZNZnRVSmcxNnFCRzgrWnhOMlYzc2sKK13rGMFVsXQkNERYQLrhgYHbDn0jPYbl - H1pQPZdWw+LXw1Z+Y9nj74KTPPLnPckVTwETUfvs9EFkcFIyhzGK6w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU8xU0tHWVJOYjR1UVpz + THlRK0FvYisyR3NqTVk1QUlhQVJGbTJROTJBCjVMQThqK3cvUGZlcU5WOEJncnM4 + ZlcrQmdCVTZsT0t0ODhJUG4vY0JlWGMKLS0tIGpQY3hqdDA5bkhOU2I0UGVHaU5F + T2pYcDRMczh3c1B6cmNFMXRYM21Ea28K6An8G4+/mwC7SNYyV3cpx1AQuUsO3uKh + EG6oyvwcLbbqAdHkKLiDdD2bG/NNp+f9xycNyG2AH/8T6kl0fQN2gg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djB6aDJRdW5zdjMrMnhJ + YmF2WncrazVUMWNaNXBWU2Y0TVh2S1VpbmtZCjdXQmM0RzVJK1ZNSlhwd2NvSHFO + UmlXZEZWRzJnSGJtdFFUQVd2aytNU00KLS0tIFhwQWQ1MnBVZllzb0VyQzJMRm9Z + Qk5XdXUrcloxelBlVlJuMmpJZ2liK28KNt0EMbRBErf1GExZ7QBnrvwRKozNaHQF + MeFiEuIRAS4vSUHz2dHo7/iyub7D//qXKt4vD6DURfCHhhoGUF1Qdg== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWM01DeFcvQjM2bW5DcFM4 - YzF5TTlURkxRYVdVbjdReG9LbUdYNjMwMFNBCmZJckdBM1YyZEFDT2RhT3g5bHJo - eVVISmhqQUZJTm1WQjNvOUE5MytiTU0KLS0tIEwrVGFwVEE2ODQwb2RyNzdselJa - b2tiTzZCcHB1NVJWS3Z6VTdMelcvTlEKdW6kkCiI1YhV7Da6SrCQxP0zdUc2ICSC - voGlNOnPb5iACvgLnX/a6EBKKO7PScKIFAzsWROC9MlLoF7ERnZdSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWm15SitONndOZkVDekNl + ajhTQXljdllXaEJ3RVdQRm5sdFJnV0VpQ0E4Ck9nTEVSYmNDK1RUbnU0TkFabnEz + aHVxcTNqUGJ3cDkybHllSmRPVW9Fa2cKLS0tIDgyZjZnV3hWS3phUG1RMjU1Lzlr + QWZLTUV2ZVJlRXBrN3ZXZFRBaGtabE0Kgcy7XL1iCLifYHxydg29tIyPYUQ7hgd9 + c589DNlukEn+i1J4pBkiLDnTUxDOEsUv2VJlGTRrdbFsfjU7PdvG6g== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNnF1N25qMUkyL0N1RSt4 - ZlRPVGpsY2hkbWZKREg4cU92Y2MwM0twaXdJCmJwTWl2NjlETXJ6WFNwN2JpT3Fm - WjRqVlc4SW9DejV0Q0JGNkJpQm1NOGMKLS0tIHpQRGc5eHQ3bHFnRzBNRGx0ckFV - czdKU1p0WXQ0enRyWXpaT0k2NHBzZkEKqLRezUd0z2PF0wakJe39NAz/MkpXIRAl - hvIqWsWyXHUU4a+mXwX8XWgs/uejuyXmHa7TgavqkHs9s4/p+KtNnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGt6Nkd1TWhLc2FpZXM5 + cEhDUWVNU0xSWjZlZFdsb3FmbGQyUVV1MGp3CmNUcG14UXpyLytNRFFVRWw5b09n + ZU0wMDcxZVJENWdlcVpEQU9Mdnlkd1EKLS0tIGxHSTBXWi9EQkNYL3p6NGJvU2Zo + cVRHeVJXTVIvaW85Skh0Ym5vRjllaFkKhuQpyhqyTz2eoQ0Mxt0/CaNHgaksrdbH + rBDEw0U0eXX54oQkqNZD/HUosmLO4f2EZKMhBnFaZ8LvaOV6jM9Mpw== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWTFhTlMyVkZpeFRqaG4y - RDBhMEtpSXYyMGFnN3pkVGljSGN6MVlTaFMwCjlJd1UwbXVDT2M2R0hsQStqeEQ1 - YmNTNjdTRkU5aDZZd01DYjNaOWhKMFEKLS0tIFFKS1dXc2ZjVWlRR2ppSDRaRHRJ - cGwzMUFNTHZzcjZVTFNCcmp6VmdFNDQKNVeV1BGVuaUbSHHBOZzb/RJP4umX45RR - 14RInoF9i1ByEzY6KS2nyP83EQzbAgfdaUkPKkIpzytj+3gvlnI/RQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM3hLYnNMVS80R08xbm1s + YklvK05mc255bUNjc1RYbmlOblo4cXcwRTBnCnVabFR4UFpDNSs2UUNoRUpYZ1dJ + d2xZRlhMNGM2M2RzTEwveWh4NmRSVWMKLS0tIFZTeGY4MzFxMWppOFlseFZWcG5D + RkUrdDJTNmNhQkFzWTRKbnM2OElDbW8KXITNQ+SKRxIBHh8vgqq+d0u3oLejr6mP + OxhLohXXPXi7r2KTVTVjCu5fbDyVix/L604LvJE623ALl0pmyQq9XA== -----END AGE ENCRYPTED FILE----- - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWk81ZXFRQnRnMjhVZmZL - N1p0eTRSQWt5akJ2ZjZid2VUNW1ndFNWeFQ4CjBlZndkV0pKeFpZUjlzdHJsQTlR - VXE1K0p3TlhJdkdPMFRTL29BaUd5bmMKLS0tIDVlS0FmRUFjTTBpd3pGRVZMbWxF - cjlaR0xvUmZvdlFlZlFwam5IU1hYZ2MKOMW/ZsXOLtYnYCVf0JIxlfXNTDjSuscn - l1p2HspWo7J1RfJbOQgScy6rmUB/9HRMHlnwpnjgOYWE4EmuKcMYSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHVXQXRGZnl0QUEzQ00r + cGpaS0RpYnVHVjg4cGNTdzBTMXFvTkUya3lnCmlJai8ySUxONXNnWW9BR0tKMDdr + RHVLTUYxY1FMSjFnaFdZSy9nekV1dWsKLS0tIEFuL3FTQ0xNOHJsSHlzR3VFT0FK + RE05ODd5bnFkVzlXVXlBU0FZa01nNzAKzjfkwKN4mC04r+AMNPTIt/lSMUuL/OD0 + MGtqjZFB6vGrcqV/t0EbkZfxCqfmUeTDZgwWM2r6zhihb6Y9vTjHTA== -----END AGE ENCRYPTED FILE----- - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOUhETXZpTWs5dWw1VVhX - Zi85OU9PekJQSHBIbHpNMVh6b2doa0wvSHc0CitvanJBOFgwb3V1TEpjQ2xXa2Fq - UGtzdTB1OEwxSWJKVkZJWjBDV2MwMncKLS0tIERpTlE1cWRaemZFZDAvcGx6QTNK - amtUQkgvTEJFblFUWTE0RWg1cUVUbmsKx35Yu+wpJwlVd2JrXCT/qybmLjCmT+/0 - v99LzVDWiiAPx8ryU2FeAZ/umDDIQfkzyLbi2f460ATKZhVfqhNDDw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmpKaWM5dVNDWDJLOUlj + bGZiUzNWMkFkT3IzNUtqZmt6ZW5WSDVyUlUwCkx6aFIxTnNnd1N5ZkZDYldmTndX + T0g2Yy9tVVpHQ3FYY2RtVmhjSS83TUEKLS0tIFNTT0JUbVBqNDVvWnAyaVRhcllj + ZjNtSU5iYVpXQXA4QUU1YjBCU2xKaFEK+cANW7VGs7HQTmMDEY2oLG6pSBnBLFXn + /PpoqzxNVovh7ghFRduDcHWuJI+DBtn1axmSXF/K22WO6LG59/hr5A== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEx1eUR0TnRVL0tsN1lV - amN2M0VlUHVpNjJvM0x3UVVhUzY5QTRObG5VCndkblVGdExHZDBMbVZmU3J4K2JI - dHZoVDZHTHJldTFLMDdlMUFTNGtjbEUKLS0tIExKVVd1UGtvelRsQldnMTBXTll3 - SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP - wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTlyeDBGa1hNek5aWnlr + RzlWN2dDaU9IeXovb1BGTXR1RG1ZUVdwTUVvCkRuVXFnYWpOakZYamZtdDNMRjQ0 + ajU0VmtraEplbDU0ajZyT2psWVBrVlEKLS0tIEhXa2F6RFlsQnc5ejZETVBvOFYz + Wlo1WFlvZFJXZWZBVkh6UUpCRmVESFkKqbuLxX706LssJTNyvg0ghDjyJaVuYfgJ + X1OJbbBvHerqvOmk03biU93oo6PygdAAgkPFI7JnxvQP1U4IH45Esw== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-11-03T15:12:52Z" mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str] pgp: - - created_at: "2025-07-10T23:51:26Z" + - created_at: "2025-11-11T17:51:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ/+OG92tnH/dwXLTdqlvN6sEPREG/oZTLGvjPiM0Ipqyrcz - rgTrso9MjBf0xZkxjH49CWqBpTBoOsxopdSU2cvte2IdQEQCgCJcqff3okBsT/Cm - 3yz10DNTdI17cc2tLFJtvcWubf+amRXTM8IbDozkc4ttuhCbCRcFMaJ0NTVMz+rV - pff9UQWGmAWBKK/u26prf6NeCU2C/v3vLAxAxVjuPBxNpXFZEuu88DdE0lIMy1rO - ZAsYz7O6/flf3qbl74HXhNUhWwDTUJtU0beGSv/sziAPSEV0lpScZbq5HdFvNUk6 - rH8Tf1IdV6n0lvDqVdnY7XbmXlF0neSLJedWf6eAmcvnedCTVzMGSNAIVhiW9Y2f - IURsyK8NXnZTw2G5J4BOwx082Z1wroH0cJgQz1IcfU/I78DUaysH87mYfUQAGPV7 - cLICS/2n+olgkC9nAz9ZQO7+98Ylk1n4EKkhW2hzR5av8LSu5rs9uTkO1KWz5mTT - QjsWNlD8+1OvEFxELJtdMLnTpMTZqPouwRhDhJLoh6to2/HT48xCpUu4sMyj1AY+ - ECGsXzNbfb6dlAvuloNq9DoEP3nP4KJ6DKv7gnsbS1WVT6LoG9Yg6s00YnWiMomd - 0ByLH5KZdlBkZFV0K/WGWpj3c3H0IIM32+w2yYSCVQEY8UeSTQ54bI0ao+ISPLCF - AgwDC9FRLmchgYQBEAC2x72z23cpRyfiQD32Pzb4cDheSawiXSolOZMAExsRDmYl - IhMyMOwWmetg4HOwfGhq1PuM7t1k7maVa8ulWQcmD7eSmehiaMzYpA/gctf8GFQ6 - 4mmQ1siBC1qArfMgFgd9yS126NUGqXAWsrnptnlIbYuY/OsiS7W2JKLQUcx8TZqx - 6NC2zIi5+h+ZbRugpz4ZG8OjFnUwbLdZeDJ1M6i/TVuDJjGC1JkEePjY3IvcmB7P - QTzGCsYKwYSeUuAKel9ueqvznNqACQ78/NC/mYy8xTMiyjnhOqOFvmlHLZLy8cFs - m0eLlEfQycwGOIPZa7xo98AZ0Ohvykqy8SBcp6JSEoWcXi//lLfG2z5agfd7bEUP - X0rOKwmFL1l3w1sAUzmKTa29G8b2+rrCoKCHyByDQXyhgLa3aCx7tKS1iNwGdXmc - emvV15+jf/xQ8FrDDZFJGRuCVyuCGphEN8VxFR2BWRjEHEsy9gRMaJlo8gIw54Oe - ciMEBRjT+3l9B4Qipvm8V+okrdHQ56k9AbpbsAnpyHQ6A8AN7oJ19uzBq1nzRU9p - yE4lKNIjOIJmghvUcL8jwld6+w6iMkk7Ss0ClavTA06hWld6mDoRvfrQl+t4nogT - xypUidp/KtILrorNEVwaCsuXrqe5AspOcr8SqA77t9+Yj6b9x8gdJNZwvcMIB9Je - AXC4iun4BpIMdbg2beONi0Iwq+IeYOTdvpo8HKk1qrQCN4zHGaO6iZLrDFqN01DA - IyppFwRhJ60d5TjKweEn03KAT9oVsjN4nwpazd4JkLANXrxXX2wDYOVlnfYyng== - =jNoq + hQIMAwDh3VI7VctTARAAzM9wzRQI9IYBz9sXGG1YKIojcuhi3UnZNjOwRQeJbSsw + OMPY/e84m668uFaGUwOPwFkYikBCaPF3OmzNhMDqxHPUbFJN/6UA8ntLuugHrhs9 + brpt52yYvo69znaR8iYXw/S0mL4rfLnHkc8p69RkBCk/4FrA/Jj/KImcFxZ8GDcf + G5dfaEmJCRfZGeyr1D7RVJ0gs3LQT9M8c9Qm/ShRQQqVlEko4rjsOmqOt6eapSuQ + KnlsEtYS5yZOFoBtabmlTiFgdC8vaHQ+oxI98phdRkc0xDpqZetMMVlgonbewur8 + nVZPb+wxULeltkIIleWQx2E0D9RBi5Xu+L+vXj7jJYwUNajqama/N+1wB7DsiBeu + cdPjLyRcXPD5pE2qi24X1nzBiWdjef0tkJiH07MQtXA4r3PLtX8a3cCvVsecoT4D + 0oK8dGumaXSj8NkYB/kP47hOleSYzNGWPR4iMiXYNJHhUw0Otr0GFSfjVo7s7KBi + 6WO6tWE2VLVuolABEKQPF4sadF1fXxcv9artuzUX9MZquOvsOvEgkQnYzGIY9hio + 2X8nyLxORpwPFmPcZ5WeVyaZ04CiM9nTiflFgt5X/rX1Mf3sKa0NkrhO3+k7lx1j + GjWvgiuCkgLYt0fLgyYVEj/N8jHjcCejVEsiwAoP/apvEgFylgI+YwyXOJXXz0qF + AgsDC9FRLmchgYQBD/jvs1GaGr52Qu1TP7IXqg353G3yZDPoPmQhdkiOKLFe5wXD + PaqNUNOQG4qwffuPBSfyw5XHYZN1v0SCwrNpQ24DFnT5XjVTboYl+DN4bWStrSE+ + ZpGUy+PxvSgKY8lbvGi0+RX1NW32Gwz1cuPNQRnwS/jwCFrxgk1aCnK5+USAmNfi + R5+ex+Ij6+EEiMRpvNdN2ViCP2PfFMLYOR4pjvLL7i1XSPLhGxORcCyIKw8RAi+J + I/qP7IubG1XTsS7gm0D4Rf4eYOy9O3Qi/g+GOk8mxCXaym7hQmCcM5H+m4R85Zxy + EIXKGQhs2UB7JD47SJ1iY3FBFzq3jpn0wPq6piy4lJVR/+r9Zd99EcWOEjuoavE/ + 24q+Z3OB864Fks9hVl8herQbV4oGqHTQJr9Y5ScnS+7RuAV6Cy7d0nEaj/H4jBxN + fKpFGAJ3LkwxKfAwxximTq2lgHBtCyMably7XBc3D0Cyb1lyG5mss3tWNXRNkckL + yg9I64lKdEQz2Fp7qs8JDWmbhUl6eyDtGX+4KKW7lsFTbi4kvo/FgtW6m6xaP57k + PPOJlfDHOqZy7GR+hvaHBIgFkhvqIvJjARK5OaDyP19NMtA7qNJOwParSikkTeXl + XgkZGnh3ID3EJ5V9vMIYqrhhjDU5Qb/avytjEoef8GYmPb8bWd0sVODEL59T0l4B + u4ahb81JM4JVo+p1P+W+0gXA8uUgP9pJ7lWjNCV+oL5RWTJRaTzSwa8ywj5HjLdH + +M50prEhcMiDupwZXU2prEKrCIWUGpeaHK3DIJmWhbO8Hh8OCXeQ+EFfxB+Z + =s+4A -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted